Information Systems Security Engineer (ISSE)
AMERICAN SYSTEMS•Arlington, VA
•Onsite
About The Position
AMERICAN SYSTEMS, a 100% employee-owned federal contractor, is seeking a highly experienced Information Systems Security Engineer (ISSE) to support a Special Access Program (SAP) in Arlington, VA. This role is suited for an experienced security engineer who combines deep JSIG and RMF expertise with hands-on security assessment experience across both Linux and Windows systems in highly restricted environments. The ideal candidate understands security controls at an engineering level and can author, tailor, and defend documentation without reliance on automated RMF tools.
Requirements
- Active Top Secret/SCI with SAP eligibility
- Bachelor’s degree in a STEM discipline with 10–11 years of relevant experience, or Master’s degree with 8–10 years of relevant experience
- Minimum 5 years of experience designing and implementing enterprise-scale security solutions with hands-on security assessment experience across Linux systems, including command-line validation
- DoD 8140 IAT Level III–equivalent certification (e.g., SecurityX, CISSP, CCNP Security, CISA, GCED, GCIH, or CCSP)
- Demonstrated experience supporting Special Access Programs (SAP)
- Working knowledge of JSIG and its application to RMF authorization
- Proven experience authoring RMF/JSIG artifacts by hand, without reliance on automated RMF tools (eMASS, Xacta, etc.)
- Strong background in RMF, ICD 503, NIST SP 800-53, DCID 6/3, or current DoD authorization practices
- Experience supporting security tools such as Splunk Enterprise, HBSS, McAfee ePO, ENS, and DLP
- Demonstrated security engineering experience across Linux, Windows, Cisco platforms, databases (SQL or Oracle), and virtualized environments
- Willingness to submit for a CI Polygraph
Responsibilities
- Design and implement enterprise-level security architectures for SAP systems
- Apply JSIG requirements to system authorization, control implementation, and documentation
- Manually develop RMF/JSIG authorization artifacts, including SSPs, control narratives, POA&Ms, and supporting evidence
- Perform hands-on security assessments on Linux and Windows systems, including command-line audits, compliance scans, log review, and control validation
- Analyze scan results, identify security gaps, and support remediation planning and execution
- Validate and implement host-based firewall and security configurations in coordination with system administrators
- Manage and track POA&Ms through mitigation, remediation, or risk acceptance
- Ensure system compliance through continuous monitoring of controls, procedures, and documentation
- Identify security deficiencies and provide actionable remediation recommendations
- Support system recovery and security oversight following outages or incidents
- Participate in change management activities, assessing security impacts to SAP systems
- Support security investigations, incident response, and remediation activities
- Collaborate with engineering teams to integrate security requirements into system design and production releases
Benefits
- healthcare benefits
- paid leave
- retirement plans
- insurance programs
- education and training assistance
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
