We are seeking a highly skilled Information Systems Security Engineer (ISSE) to design, implement, and maintain security controls across enterprise systems and networks. This role ensures systems are compliant with security requirements while supporting mission-critical operations. The ISSE will work closely with system owners, engineers, and cybersecurity teams to integrate security throughout the system lifecycle.
Responsibilities:
Design, implement, and maintain security controls for information systems and networks
Support the Risk Management Framework (RMF) lifecycle, including system categorization, control selection, implementation, assessment, and authorization
Conduct security assessments, vulnerability scans, and risk analysis
Develop and maintain system security documentation (SSP, POA&M, SAR, etc.)
Ensure systems comply with NIST, RMF, and organizational security policies
Collaborate with ISSOs, system administrators, and developers to remediate vulnerabilities
Support continuous monitoring and incident response activities
Implement and manage security tools (SIEM, IDS/IPS, endpoint protection, etc.)
Provide technical guidance on secure system architecture and design
Stay current on emerging threats, vulnerabilities, and security technologies
Qualifications:
Active TS/SCI with Polygraph required
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience)
5+ years of experience in information security, with a focus on system security engineering
Hands-on experience with RMF and NIST 800-53 controls
Experience developing and maintaining A&A documentation (SSP, POA&M, ATO packages)
Knowledge of operating systems (Windows, Linux) and network security principles
Experience with vulnerability scanning tools (ACAS, Nessus, or similar)
Familiarity with security tools such as SIEM, firewalls, and endpoint protection
Understanding of encryption, identity management, and access control mechanisms