Information Systems Security Engineer Sr.

Chenega Corporation•Reston, VA

6d•Hybrid

About The Position

The Senior Information Systems Security Engineer (ISSE) provides expert cybersecurity engineering support for Authorization and Authorization (A&A), network domain certification, Cross Domain Solutions (CDS), and ongoing risk management. This includes analyzing, designing, implementing, assessing, and continuously monitoring security posture for customer mission systems across unclassified (CAC/PIV) and TS/SCI networks. The role supports integration of cybersecurity into system engineering lifecycles, compliance with DoD/IC policies, and transition toward dynamic, automated risk management practices to maintain operational resilience in a high-tempo environment.

Requirements

Bachelor’s degree in computer science, Information Assurance, Cybersecurity, Engineering, or related field (or equivalent experience).
10+ years of progressive IT/cybersecurity experience, with at least 6+ directly supporting IC or DoD cybersecurity certification/accreditation, security engineering, or RMF/CSRMC activities.
Demonstrated hands-on experience with DoD/Army/IC cybersecurity policies, Risk Management Framework (RMF), evolving Cybersecurity Risk Management Construct (CSRMC), ICD 503, STE/CTE events, and A&A processes.
DoD 8140 IASAE Level II (or equivalent) certification: CISSP, CASP+, or CSSLP (current and maintained).
Active TS/SCI clearance required, CI Poly highly preferred.
Valid state driver’s license

Nice To Haves

Advanced degree or additional certifications (e.g., CCSP, CISM, GIAC, or cloud security credentials).
Experience with DevSecOps, automation tools, cloud environments, threat modeling, or modern security architectures.
Prior experience supporting Cross Domain Solutions or enterprise-level continuous monitoring platforms.
Strong familiarity with tools such as ACAS/Tenable, SCAP, Nessus, or similar

Responsibilities

Lead and support cybersecurity A&A activities, including RMF/CSRMC execution, for multiple systems on unclassified and TS/SCI domains, ensuring compliance with DoD, Army, and IC requirements (e.g., ICD 503).
Develop, review, and maintain security documentation and artifacts, including System Security Plans (SSPs), security control implementation, risk assessments, and accreditation packages.
Conduct security control assessments, Security Test and Evaluation (STE), Cybersecurity Test and Evaluation (CTE), technical vulnerability scanning, configuration assessments, and penetration testing; analyze results and manage POA&Ms with effective risk mitigations.
Perform security engineering for new/existing systems: design and integrate hardware, OS, software, and network solutions that meet categorized security requirements and controls (including support for DevSecOps pipelines where applicable).
Support continuous monitoring, security metrics reporting, integration testing of safeguards, and ongoing compliance audits/inspections.
Analyze information sensitivity, data flows, and threats to recommend and implement risk-based security designs, including zero-trust principles where relevant.
Assist in developing and updating security policies, procedures, and risk management strategies.
Collaborate with government stakeholders to ensure baselines meet domain standards and authorization-to-connect requirements; provide technical guidance and briefings as needed.
Support Cross Domain Solution (CDS) assessments and other specialized cybersecurity engineering tasks.
Provide onsite support in the Reston, VA SCIF at least 4 days per week; occasional after-hours or on-call support may be required.
Other duties as assigned.