Senior Information Systems Security Engineer

ECS Tech Inc
Quantico, AL
Hybrid

About The Position

ECS is seeking an experienced Senior Information Systems Security Engineer to support a mission-critical federal cybersecurity program in the National Capital Region or Huntsville, Alabama. This role provides senior-level cybersecurity engineering support for Security Assessment and Authorization, Risk Management Framework execution, technical control implementation, security assessment, continuous monitoring, vulnerability remediation, audit readiness, and risk management for federal information systems. This position is contingent upon contract award. The selected candidate will coordinate with system owners, ISSOs, ISSMs, engineering teams, program leadership, and authorization stakeholders to strengthen authorization package quality, reduce technical control gaps, improve evidence completeness, and support timely, defensible risk-based decisions. Depending on assignment, the ISSE3 may support division-level security engineering, resource and project coordination, or new cloud technology security activities.

Requirements

  • Active Top Secret clearance with SCI eligibility.
  • U.S. citizenship.
  • Minimum of 8 years of experience in secure design, analysis, and testing of information security systems and products.
  • Minimum of 8 years of experience applying cybersecurity methods, standards, and approaches to ensure baseline security safeguards are properly implemented and documented.
  • Minimum of 8 years of experience creating or updating security test plans for detecting, assessing, and mitigating risk to information systems.
  • Experience supporting RMF, Security Assessment and Authorization, ATO, continuous monitoring, security control implementation, security assessment, POA&M management, and authorization package development.
  • Strong understanding of NIST SP 800-53, NIST SP 800-53A, FIPS 199, FIPS 200, CNSS requirements, FISMA, vulnerability management, and federal cybersecurity policy.
  • Experience assessing technical security evidence and developing risk-based recommendations for decision-makers.
  • Strong written and verbal communication skills, including the ability to explain technical risks, evidence gaps, remediation options, and authorization impacts to technical and non-technical stakeholders.
  • Ability to coordinate across system owners, engineering teams, ISSOs, ISSMs, program leadership, and authorization stakeholders.
  • CISSP or CEH certification required.

Responsibilities

  • Lead and support implementation of the Security Assessment and Authorization program for assigned federal information systems.
  • Support RMF activities across the Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor phases.
  • Guide system categorization based on mission impact, classification, FIPS 199 categorization, hosting environment, technical complexity, data sensitivity, and applicable federal cybersecurity requirements.
  • Advise on the selection, tailoring, implementation, testing, and documentation of security controls aligned to system risk posture and authorization needs.
  • Develop, review, and improve RMF and SAA artifacts, including System Security Plans, control implementation descriptions, security assessment plans, security test plans, risk assessments, POA&Ms, continuous monitoring artifacts, inventories, network diagrams, data flow diagrams, and authorization packages.
  • Support security control assessments by reviewing technical and procedural controls, validating evidence, identifying gaps, documenting findings, and supporting risk-based recommendations.
  • Identify technical control gaps, assess risk, recommend remediation strategies, and coordinate corrective actions with system owners, engineers, ISSOs, and ISSMs.
  • Support vulnerability remediation activities, including scan result analysis, POA&M development, remediation tracking, control impact analysis, and response to vulnerability reporting requirements.
  • Support FISMA audit preparation, documentation quality reviews, evidence validation, audit response packages, and corrective action planning.
  • Review proposed technical changes for security impact, compliance implications, architecture alignment, vulnerability exposure, and required mitigation.
  • Support cloud-hosted, hybrid, or newly introduced technologies, including review of cloud control implementation, architecture, inherited controls, and authorization evidence, as assigned.
  • Develop or improve templates, checklists, SOPs, evidence standards, control implementation guidance, dashboards, and repeatable processes to improve quality, consistency, and efficiency.
  • Track and communicate risks, findings, remediation status, assessment progress, documentation quality, schedule concerns, and improvement opportunities to program leadership and stakeholders.
  • Mentor cybersecurity personnel and help drive complex security engineering activities to closure.