Information Systems Security Engineer - Senior

Information Systems Security Engineer - Senior

Location: Alexandria, VA or Kearneysville, WV

Clearance: DoD Secret

Our client is a Small Business Administration (SBA)-certified Historically Underutilized Business Zone (HUBZone) and Woman-Owned Small Business (WOSB) that delivers services and solutions that maximize our customers' positive impact on society. We are dedicated to supporting, maximizing, and evolving digital solutions and information technology that enables government services to be more effective, accessible, and available to the public.

We are seeking an experienced Information Systems Security Engineer (ISSE) with a strong background supporting Department of Defense (DoD) and Department of Homeland Security (DHS) programs. This position focuses on maintaining compliance, ensuring operational security posture, and coordinating security documentation and activities across multiple stakeholders. The ideal candidate is detail-oriented, familiar with federal cybersecurity frameworks, and able to communicate effectively with both technical teams and senior leadership.

This role requires a solid understanding of information assurance concepts, governance requirements, and accreditation processes. Applicants should be knowledgeable about RMF processes and documentation. While a high degree of technical proficiency is desired, applicants should be highly skilled in understanding and documenting technical implementations, acting as a bridge between system engineering staff, cybersecurity staff, and program leadership.

Location:

• Alexandria, VA
• Remote support as authorized by the customer
• Travel to customer sites across CONUS may be required

Clearance Required:

• U.S. Citizenship and an active Secret clearance (or higher).

Qualifications: Required

• 6+ years of experience supporting cybersecurity, RMF, or information assurance functions
• Demonstrated experience with one or more of the following technical areas:
• Virtualized or cloud-based systems (AWS GovCloud, Azure Government, or similar)
• Virtual desktop/workspace platforms (VDI, Citrix, VMware Horizon, Azure Virtual Desktop)
• Software Factory / DevSecOps environments (GitLab, Jenkins, Nexus, SonarQube, etc.) including API management tools and data streaming
• Identity, Credential, and Access Management (ICAM) solutions (PIV/CAC, IdM, MFA, SSO, RBAC)
• WAN/LAN networks, SIPR and unclassified domains, firewalls and other boundary/perimeter security systems
• Continuous monitoring and end point management systems (Trellix, MECM, InTune, ACAS, SolarWinds) Data center and physical computer/storage systems
• Physical end user systems such as laptops, workstations, printers and multi-functional devices, mobile devices
• Working knowledge of:
• NIST SP 800-37, 800-53, 800-171, and FIPS 199/200
• DoD RMF and cybersecurity directives
• FISMA, FedRAMP, and Zero Trust principles
• Ability to collaborate effectively with engineers, administrators, and leadership to translate technical configurations into compliance documentation.
• Strong written communication and briefing skills.
• CCISO; CISM; CISSP (or Associate); GSLC

Qualifications: Preferred

• Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience).
• Experience supporting U.S. Coast Guard, DHS CISA, or DoD cybersecurity programs.
• Familiarity with eMASS, Xacta, or similar RMF management platforms.
• Hands-on familiarity with SIEM tools (e.g., Splunk, ArcSight), endpoint security, or vulnerability management systems.
• Experience applying Zero Trust Architecture (ZTA) or ICAM modernization principles.
• Additional cloud or DevSecOps-related certifications (e.g., AWS Certified Security - Specialty, Azure Security Engineer, or DoD Cloud Proficiency) are highly desirable.

Duties and Responsibilities:

• Support the Risk Management Framework (RMF) lifecycle, including categorization, control selection, assessment, and authorization.
• Develop and maintain key documentation such as System Security Plans (SSPs), Security Assessment Reports (SARs), and POA&Ms.
• Collaborate with infrastructure, DevSecOps, and cloud engineering teams to ensure security controls are implemented in virtualized and containerized environments.
• Evaluate and document compliance for FedRAMP DoD IL2/4/5/6, or other cloud baselines as applicable.
• Participate in technical design reviews to ensure alignment with RMF, Zero Trust, and ICAM principles.
• Support implementation and continuous monitoring of security controls within Microsoft Azure Government, AWS GovCloud, or DoD Cloud environments.
• Analyze and mitigate vulnerabilities identified through automated scans or assessments.
• Work with product managers to proactively plan security compliance and review ongoing security engineering tasks and projects Coordinate with ISSOs, system owners, and Authorizing Officials (AOs) to maintain Authority to Operate (ATO) status and ensure timely remediation of findings.
• Facilitate approvals for network interconnections such as the Boundary Cloud Access Point (BCAP) and DISA System/Network Approval Process (SNAP) through the provisioning of required documentation
• Support Product Teams in the preparation, response, and finding remediation for JFHQ-DoDIN Cyber Operational Readiness Assessments (CORAs)

Decision Making Authority:

Decision-making authority for own individual work efforts delivered as part of day-to-day support of the program