Senior Information Security Systems Engineer

About The Position

Requirements

• Bachelor's degree in computer science, engineering or related field with 8+ years of experience working in computer hardware and software support
• Demonstrated experience with System Security Plans (SSPs), Risk Management Framework (RMF) processes, and ATO lifecycle management.
• Knowledge of NIST SP 800-53, NIST SP 800-37, FIPS 199/200, and other applicable federal cybersecurity standards.
• Proven experience with continuous monitoring, POA&M management, and security control assessments.
• Ability to obtain a NASA Public Trust clearance
• Apply sound logic and reasoning against troubleshooting difficult issues.
• Creativity to imagine innovative, effective solutions to problems, as well as manage multiple issues at the same time.
• Understanding and appropriately responding to feedback is an important aspect of this position.
• Both oral and written communication skills are vital to relaying important information, training new staff members, and communicating about solutions to complex problems.

Nice To Haves

• Degree in Cybersecurity, Information Assurance, or related discipline.
• Experience supporting systems under FedRAMP or CMMC.
• Familiarity with automated compliance and risk management tools (e.g., eMASS, Xacta, Archer, or CSAM).
• Professional certifications such as CISSP, CAP, CISM, CISA, or GSLC.
• Windows, Linux, or MacOS

Responsibilities

• Serve as the principal security advisor to the ISO for assigned information systems within a federal environment, ensuring compliance with NIST SP 800-53, NIST SP 800-37, and agency-specific security requirements.
• Update and maintain the System Security Plan (SSP), ensuring that control implementations, system descriptions, and security boundaries are accurately documented and kept current.
• Coordinate with system owners, administrators, and engineering teams to ensure system configurations and operations align with the approved SSP.
• Lead and manage the Authorization to Operate (ATO) process, including preparation of risk assessments, Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and continuous monitoring artifacts.
• Conduct periodic reviews and updates of SSPs and related security documentation to reflect system changes, audit findings, or emerging threats.
• Oversee the implementation and assessment of security controls in accordance with the NIST RMF.
• Provide guidance on risk mitigation strategies and assist with remediation efforts following audits or assessments.
• Lead continuous monitoring efforts, including vulnerability management, incident response coordination, and control effectiveness tracking.
• Prepare and deliver security status reports, risk summaries, and compliance briefings to senior leadership and agency stakeholders.
• Mentor junior ISSOs and serve as a subject matter expert in federal cybersecurity compliance and authorization processes.
• Support annual security plan testing and auditing in collaboration with the Information System Security Officer.
• Provide configuration and implementation control information to security stakeholders in support of POA&Ms, RBDs, and annual security plan audits.