Information Systems Security Engineer (ISSE) – SME

Goldbelt, Inc., Mechanicsburg, OH

About The Position

The Information Systems Security Engineer (ISSE) – SME serves as a technical authority responsible for designing, implementing, and overseeing cybersecurity architecture across complex systems and environments. This role leads RMF engineering efforts, drives risk-based decision-making, and ensures cybersecurity is fully integrated into system engineering processes.

Requirements

  • Deep knowledge of NIST 800-53, RMF, DoD cybersecurity policies, and system authorization processes
  • Extensive experience with eMASS, POA&M management, and A&A activities
  • Strong background in secure system design and systems engineering integration
  • Minimum of 7 years of related experience
  • Minimum of 2 years of experience in the following:
  • Experience in documenting RMF Assessment and Authorization requirements
  • Experience in RMF testing of all CS requirements and analysis required to complete an RMF package document for submittal and approval
  • Experience performing vulnerability risk analysis on the deficiencies found during RMF testing
  • Must be able to supply total number of RMF authorizations performed
  • Experience with IA tools and scanners used to evaluate the security posture of the system/enclave
  • Experience with DoD-specific, DoN-specific, and NAVSUP-specific RMF services (including RMF package services) and using and complying with the Navy RMF Process Guide version 4.1 (or 4.0 or the latest version) and the NAVSUP FAO RMF Business Rules version 1.0 (or latest version)
  • Experience with concurrently supporting over 10 RMF packages
  • Must have a Tier III Level Clearance

Nice To Haves

  • Bachelor’s degree in Cybersecurity, Information Technology, Engineering, or related field

Responsibilities

  • Lead the development and sustainment of cybersecurity architecture for programs, systems, and enclaves
  • Oversee the design and implementation of comprehensive cybersecurity solutions aligned with mission and compliance requirements
  • Identify AO and SCA cognizance and define complex authorization requirements, including cross-domain solutions, reciprocity, and overlays
  • Direct the selection and tailoring of security control baselines based on system categorization and risk posture
  • Oversee development, maintenance, and governance of System Security Plans (SSPs)
  • Lead security control implementation, validation, and testing across all lifecycle phases
  • Perform and oversee advanced vulnerability and risk assessments for POA&M/CAP management
  • Ensure execution of all required cybersecurity testing for A&A, continuous monitoring, and annual reviews
  • Develop, review, and approve Security Assessment Plans (SAPs) and ensure proper execution
  • Direct mitigation strategies and ensure closure of vulnerabilities through formal change control processes
  • Oversee cybersecurity testing activities and ensure accurate documentation of control compliance status
  • Ensure integrity, consistency, and traceability of all data within eMASS, including POA&M and artifact repositories
  • Provide authoritative input to Risk Assessment documentation, including failed control summaries in eMASS
  • Lead development and finalization of Security Assessment Reports (SARs) and Executive Summaries for SCA review
  • Serve as primary authority for RMF coordination using the eMASS Collaboration Board
  • Interface with PSO, PMO, ISSMs, and senior leadership to review findings and drive remediation efforts
  • Integrate cybersecurity requirements into the system engineering lifecycle, ensuring secure design, development, and testing

Benefits

  • medical, dental, and vision insurance
  • a 401(k) plan with company matching
  • tax-deferred savings options
  • supplementary benefits
  • paid time off
  • professional development opportunities