Cyber Security Engineer (ISSE)

Torch Technologies, Inc.

1d•Onsite

About The Position

Torch Technologies is seeking an experienced and mission-focused Principal Cybersecurity Engineer (ISSE) to lead the security engineering efforts for a critical Department of War (DoW) system operating at the Top Secret and Special Access Required (SAR) levels. The primary and overriding responsibility of this role is to serve as the technical lead for achieving and maintaining the system's Authority to Operate (ATO). This role involves being the core subject matter expert for all security control implementation, validation, and documentation, translating the complex requirements of the Risk Management Framework (RMF) and the Joint Special Access Program (SAP) Implementation Guide (JSIG) into a tangible, defensible security posture. This is a hands-on engineering role for a cybersecurity expert who excels at navigating the complexities of the DoW accreditation process.

Requirements

U.S. Citizenship
Bachelor's Degree in Computer Science, or a related field or equivalent experience
10+ years in cybersecurity/information assurance, with at least 5 years in a hands-on ISSE role.
TS Clearance is required.
Experience leading a DoD system through the full RMF lifecycle to successfully achieve an ATO at the TS//SAR level. You must be able to speak authoritatively on this process from start to finish.
Demonstrable, in-depth experience implementing and validating controls under the JSIG.
Must meet DoD 8140 IASAE Level II or III requirements.
Expert-level knowledge of RMF, JSIG, NIST SP 800-53, and DISA STIGs.
Proficiency with security tools such as ACAS/Nessus, SCAP Compliance Checker (SCC), and SIEM solutions.
Strong technical understanding of operating systems (Windows/Linux), networking concepts, and virtualization.

Nice To Haves

CISSP-ISSEP (Information System Security Engineering Professional) certification.
Bachelor's or Master's degree in Cybersecurity or a related technical field.
Experience with automated compliance and hardening tools.
Experience securing cloud environments within AWS GovCloud or Azure Government.

Responsibilities

Lead all technical security activities required to prepare the system for its formal security assessment and authorization.
Engineer, implement, and validate the technical security controls required by NIST SP 800-53 and as tailored by the JSIG. This includes hands-on hardening of operating systems, network devices, applications, and databases in accordance with DISA STIGs.
Author, compile, and maintain the complete RMF security documentation package. This includes creating and managing the System Security Plan (SSP), system diagrams, hardware/software lists, and detailed descriptions of control implementations.
Manage the system's security posture by conducting vulnerability scans with tools like ACAS, analyzing results, and leading remediation efforts with the system administration team.
Act as the primary technical point of contact during security control assessments. You will be responsible for demonstrating control effectiveness to government assessors and defending the system's security design.
Develop and execute a robust continuous monitoring strategy to ensure the system remains compliant and secure post-ATO, including analyzing audit logs and responding to security events.