Principal Systems Security Engineer / Senior ISSM

Sierra Nevada Corporation
Lone Tree, CO
$165,010 - $226,889
Hybrid

About The Position

The ISR (Intelligence, Surveillance & Reconnaissance), Aviation, and Security (IAS) business area is a leader in ISR and aviation and a leading prime manned and unmanned aircraft systems integrator for innovative, high-performance ISR and aviation systems. Its end-to-end Command, Control, Computers, Communications and Intelligence, Surveillance & Reconnaissance (C4ISR) capabilities encompass design, integration, test, certification, ground/flight training and complete logistics support. IAS tailors solutions to customer cost, performance, and schedule requirements and designs to consistently exceed expectations, with an unrivaled record of on-time and on (or under) budget deliveries.

SNC has led thoughtful and disruptive change in the aerospace and defense industry for the past 60 years, and now we're applying this tenacity and expertise to the U.S. Air Force's (USAF) Survivable Airborne Operations Center (SAOC) mission. Join the SNC-led SAOC team and be a part of exciting and meaningful work to modernize and deliver the next-generation SAOC aircraft trusted by the President, Secretary of Defense and Chairs of the Joint Chiefs of Staff to ensure continued critical command, control and communication during national emergencies. If you're passionate about building the airborne command post of the future, consider SNC for your next mission.

If you are adept at IT, at identifying, installing, and troubleshooting technical solutions, and enjoy collaborating with multiple teams, we may have the perfect role for you! As a Principal Systems Security Engineer, you will act as a key leader in developing and executing our security strategy. You will oversee the security architecture, manage high-stakes security incidents, and provide expert consultation across the organization.

Requirements

  • Bachelor's degree in Systems Security, Network Engineering, Information Technology, or related Engineering discipline.
  • 12+ years of experience in IT security or a related field.
  • Relevant experience can be considered as a substitute for the required educational qualifications. In the absence of a degree, a minimum of 16 years of related experience is required.
  • Higher level relevant degree may substitute for experience.
  • A minimum of 8 years in a formal ISSM role with direct ATO package ownership and government AO interface responsibility.
  • Deep expertise in cybersecurity principles and practices.
  • Experience with security frameworks and standards such as National Institute of Standards and Technology (NIST), ISO 27001.
  • Demonstrated hands-on-keyboard Nessus/Tenable execution experience — must be able to describe configuring scan policies, executing credentialed scans, interpreting results, and building Tenable dashboards from personal execution, not oversight.
  • Demonstrated hands-on ELK Stack (Elasticsearch, Logstash, Kibana) experience — log pipeline configuration, dashboard development, and security alert creation in a production or program security monitoring context.
  • Demonstrated hands-on Splunk SIEM experience — developing correlation searches, dashboards, and security use cases; triaging SIEM alerts; and managing Splunk forwarder deployments.
  • Active DISA STIG application experience — must have personally applied STIGs to live systems, not just reviewed or documented STIG compliance.
  • Ability to describe specific STIG finding categories, compensating control documentation, and POA&M management.
  • Demonstrated experience presenting security posture to government stakeholders — has personally briefed at government security reviews, ARBs, or AO-level meetings, leading the brief rather than supporting a presenter.
  • Deep working knowledge of NIST 800-53 Rev 5 — can explain control families, tailoring rationale, control inheritance, and assessment procedures without reference material.
  • Demonstrated RMF/ATO lifecycle ownership — has personally developed SSPs, SARs, POA&Ms, and security assessment evidence packages and presented them to a government AO for authorization decision.
  • Working knowledge of DCSA DAAG requirements for classified IS accreditation — has operated within a DCSA-governed program environment and coordinated with DCSA field representatives.
  • Working knowledge of CMMC framework — understands Level 2/3 practice domains, assessment objectives, and CUI protection requirements.
  • Has authored or substantially contributed to PPSM documentation — understands port/protocol justification requirements, DoD PPSM registry process, and PPSM enforcement mechanisms.
  • Demonstrated hands-on proficiency in the following areas: Nessus / Tenable.sc, Tenable dashboard creation, ELK Stack (Elastic/Kibana), Splunk SIEM, DISA STIGs / SRGs, eMASS / XACTA, RHEL / Linux, vSphere/VMware, GitLab / GitHub, Bash scripting, CPU / system architecture, PKI / certificate management, NIST 800-53 Rev 5, RMF / ATO process, DCSA DAAPM, CMMC Level 2/3, TEMPEST requirements, PPSM creation.
  • Current/Active Top Secret U.S. Security Clearance is required.
  • U.S. Citizenship status is required as this position needs an active U.S. Security Clearance for employment.
  • Non-U.S. Citizens may not be eligible to obtain a security clearance.

Nice To Haves

  • CISSP (Certified Information Systems Security Professional) — active certification preferred.
  • CISM, CASP+, or equivalent senior-level security certification.
  • IAM Level III or IAT Level III baseline certification required per DoD 8570/8140.
  • GitLab Certified Associate or GitHub Advanced Security certification.
  • Red Hat Certified System Administrator (RHCSA) or equivalent Linux administration certification.
  • Experience with Tenable Security Center (SC) enterprise deployment — multi-scanner architecture, repository management, and organizational reporting hierarchy configuration.
  • Familiarity with cross-domain solutions (CDS) and data transfer guard administration in classified multi-domain environments.
  • Experience with Zero Trust architecture implementation — network segmentation, identity-based access enforcement, and micro-segmentation concepts applied in a DoD program context.
  • Proficient in IT project management practices with a solid understanding of PMI/PMP frameworks, including planning, monitoring, controlling, and risk management.
  • Working knowledge of JIRA to manage and track Earned Value tasks, including schedule performance, cost performance, and workflow status.
  • Experience managing multidisciplinary RMF teams and executing security assessments in accordance with DoDI 8510.01, NIST SP 800-53A, CNSSI 1253, and program-level authorization processes.

Responsibilities

  • The Principal Systems Security Engineer / Senior Information System Security Manager (ISSM) is a dual-mode technical SME and program security lead responsible for the end-to-end cybersecurity posture, compliance governance, and system accreditation of information systems within a complex, multi-classification defense program environment.
  • This role combines active hands-on-keyboard technical security execution — vulnerability scanning, SIEM operations, STIG hardening, and system monitoring — with senior leadership accountability for ISSO team development, ATO lifecycle management, DCSA/DoW/IC compliance framework implementation, and direct representation of program security posture to government stakeholders and Authorizing Officials.
  • The Principal Systems Security Engineer / Senior ISSM operates with authority across both the technical and governance dimensions of information security.
  • On the technical side, they execute and oversee vulnerability management, security monitoring, configuration hardening, and incident response with hands-on proficiency.
  • On the governance and leadership side, they own the program's RMF/ATO strategy, develop and enforce the security policies and procedures that govern the program environment, train and mentor ISSOs/ISSEs, coordinate with DCSA/DoW/IC and government stakeholders, and brief program security status at formal USG reviews.
  • Neither dimension is optional — this role demands both simultaneously.

Benefits

  • medical, dental, and vision plans
  • 401(k) with 150% match up to 6%
  • life insurance
  • 3 weeks paid time off
  • tuition reimbursement