NISSC 3 Information Systems Security Engineer II (ISSE)

About The Position

Requirements

• 4–6 years of relevant, hands-on experience in systems security engineering, cybersecurity engineering, information assurance, or related discipline, ideally within a DoD or similarly regulated environment.
• Advanced knowledge of systems security engineering principles and practices, with demonstrated experience designing and implementing technical security controls.
• Hands-on experience conducting configuration assessments, vulnerability assessments, and risk assessments for DoD or similar high-assurance systems.
• Proven ability to configure, manage, and validate security tools and technologies in support of RMF, NIST, and DoD compliance.
• Experience supporting the development and maintenance of RMF A&A packages, including security documentation, control implementation statements, and evidence collection.
• Demonstrated capabilities in incident tracking, triage, remediation support, and collaboration with incident response teams.
• Proficiency in developing advanced security solutions and overseeing cybersecurity integration across complex systems and environments.
• Experience with one or more of the following tools (or similar): eMASS, XACTA, CORE, ACAS, SCAP tools, Nessus, Checkmarx, ZAP DAST
• Ability to interpret and apply DoD, NIST, and RMF policy, standards, and guidance in an operational environment.
• Strong written and verbal communication skills, including experience producing technical documentation, security reports, and risk/threat analyses.
• Must hold at least one qualifying DoD 8140 certification (e.g., CCSP, Cloud+, CSC, GCLD, GSEC, SecurityX/CASP+).
• Active DoD Secret clearance with eligibility to obtain TS/SCI.
• Bachelor’s degree in one of the following (or closely related) fields: Information Technology (IT), Cybersecurity, Computer Science (CS), Information Systems (IS), Data Science, Software Engineering OR Equivalent DoD/Military training in cybersecurity, information assurance, or systems security engineering.

Responsibilities

• Ensure automated information system (AIS) and network nodes are operated, maintained, and
• Analyze, design, and implement technical security controls for complex information systems in accordance with RMF, NIST, and DoD requirements.
• Perform configuration assessments, vulnerability assessments, and risk assessments for systems, applications, and supporting infrastructure.
• Configure, deploy, and validate security tools and technologies to monitor, detect, and protect against cyber threats.
• Support the development, documentation, and maintenance of assessment and authorization (A&A) packages, including system security plans (SSPs), plans of action and milestones (POA&Ms), and supporting artifacts.
• Conduct security impact analyses for system changes and recommend appropriate security engineering solutions.
• Participate in incident tracking and remediation activities; support root-cause analysis and corrective actions to prevent recurrence.
• Provide technical leadership and guidance on systems security engineering best practices to project teams and stakeholders.
• Oversee cybersecurity integration across systems, ensuring security controls are effectively implemented during design, development, test, deployment, and sustainment.
• Support vulnerability management activities, including scanning, analysis, remediation planning, and status reporting.
• Develop and submit security reports, threat analyses, and risk summaries to support program decision-making and senior leadership updates.
• Collaborate closely with the EDLM/UDLM Manager to ensure that emergency and urgent depot-level maintenance actions comply with cybersecurity requirements and do not introduce unacceptable risk.
• Contribute to continuous improvement of cybersecurity processes, procedures, and tooling in alignment with evolving DoD and NIST guidance.

Benefits

• healthcare benefits
• paid leave
• retirement plans
• insurance programs
• education and training assistance