Information Systems Security Engineer SME

About The Position

Requirements

• Active Top Secret clearance with SCI eligibility.
• U.S. citizenship.
• 10+ years of experience in secure design, analysis, and testing of information security systems and products.
• 10+ years of experience applying cybersecurity methods, standards, and approaches to ensure baseline security safeguards are properly implemented and documented.
• 10+ years of experience creating or updating security test plans to detect, assess, and mitigate risk to information systems.
• CISSP or CEH required.
• Experience supporting RMF, ATO, SAA, continuous monitoring, POA&M management, vulnerability remediation, security assessment, and audit readiness activities.
• Experience developing, reviewing, or improving federal cybersecurity documentation and authorization artifacts.
• Knowledge of NIST SP 800-53, NIST SP 800-53A, FIPS 199, FIPS 200, CNSS guidance, FISMA, and federal information security requirements.
• Ability to assess technical security evidence and provide risk-based recommendations to technical and non-technical stakeholders.
• Strong written and verbal communication skills.
• Ability to lead teams, mentor personnel, coordinate across multiple stakeholders, and manage complex cybersecurity tasks in a high-accountability environment.

Responsibilities

• Lead and support full lifecycle RMF and Security Assessment and Authorization activities for federal information systems.
• Provide senior technical guidance to system owners, ISSOs, ISSMs, engineering teams, program leadership, and authorization stakeholders.
• Advise on system categorization, security control selection and tailoring, control implementation, assessment readiness, risk analysis, and authorization package quality.
• Review and strengthen RMF documentation, including System Security Plans, control implementation descriptions, risk assessments, security test plans, assessment results, POA&Ms, inventories, network diagrams, data flow diagrams, and continuous monitoring artifacts.
• Evaluate technical, operational, and management controls to determine whether safeguards are implemented correctly, operating as intended, and supported by complete evidence.
• Identify technical control gaps and develop remediation recommendations that are practical, risk-informed, and aligned to federal cybersecurity standards.
• Support cloud security engineering activities for systems using AWS, Azure, Google Cloud, or hybrid environments.
• Provide technical input for vulnerability remediation, patch compliance, POA&M tracking, emergency directive response, audit readiness, and corrective action planning.
• Support security impact analysis for proposed technical changes, including architecture updates, system integrations, cloud services, network changes, and control modifications.
• Develop or improve templates, checklists, SOPs, evidence standards, dashboards, and repeatable processes that improve quality, consistency, and efficiency.
• Track and communicate risks, findings, action items, assessment status, remediation progress, and improvement opportunities to stakeholders and leadership.
• Maintain current knowledge of RMF, NIST, CNSS, FISMA, cloud security, and federal cybersecurity best practices.