Posted today
Secret
Unspecified
Unspecified
IT - Security
San Diego, CA (On-Site/Office)
Description
Information Systems Solutions (ISS) is seeking a Cybersecurity Engineer with strong experience in Risk Management Framework (RMF) and Assessment & Authorization (A&A) processes to serve as the primary cybersecurity resource supporting a system Authority to Operate (ATO). This role operates independently with minimal direct supervision and is responsible for managing day-to-day RMF execution activities. The engineer will have local reach back support to a broader cybersecurity team but will function as the primary practitioner for ATO lifecycle activities.
100% onsite.
Specific duties include, but are not limited to the following:
Primary RMF / A&A Execution
• Execute RMF activities in accordance with NIST SP 800-37, DoDI 8510.01, and Navy RMF guidance.
• Develop, update, and maintain A&A documentation including System Security Plans (SSP), Security Control Traceability Matrices (SCTM), POA&Ms, and supporting artifacts.
• Manage and maintain eMASS packages through authorization and continuous monitoring phases.
• Coordinate directly with Authorizing Officials (AOs), Security Control Assessors (SCAs), ISSMs, ISSOs, and system engineers.
• Prepare systems for ATO, ATO renewal, and interim authorization milestones.
• Independently track package status, milestones, and required artifacts to ensure timely authorization.
Security Control Implementation & Validation
• Validate implementation of NIST SP 800-53 security controls.
• Support DISA STIG implementation and remediation tracking.
• Review system configurations, architecture diagrams, and data flows for security compliance.
• Analyze ACAS, SCAP, or equivalent vulnerability scan results and document corrective actions.
• Maintain accurate and actionable POA&Ms.
Continuous Monitoring & Risk Management
• Develop and maintain continuous monitoring strategies and documentation.
• Track cybersecurity posture and risk metrics for reporting to government stakeholders.
• Support impact analysis for system changes and configuration updates.
• Ensure alignment with enclave-specific requirements.
Collaboration & Advisory Support
• Provide cybersecurity guidance to system, network, and cloud engineers.
• Identify security gaps and recommend risk mitigation strategies.
• Coordinate with enterprise cybersecurity teams for policy alignment and reachback support.
• Support audit readiness and inspection activities.
Why Work For ISS?
At ISS we pride ourselves on providing an employee-focused and family first environment. Being a small business, we take the time to get to know our employees and have a vested interest in helping them achieve their career goals. We work to schedule regular social gatherings within the company to foster camaraderie. ISS values their employees by providing a comprehensive benefits package that includes a fully vested 401(k) matching program, coverage of family medical deductibles, spot bonuses, and educational assistance to further your career.
Requirements
Clearance Level:
Secret
Certification (IAM Level II)
One of the following:
CASP+
CAP
CISM
CISSP (or Associate)
GSLC
Required Skills:
• 5+ years of experience supporting RMF and A&A processes in DoD environments.
• Demonstrated experience independently managing eMASS packages.
• Strong working knowledge of NIST SP 800-53 security controls.
• Experience supporting systems through ATO authorization and renewal cycles.
• Ability to operate independently with minimal supervision while coordinating with distributed teams.
Preferred Qualifications:
• Experience supporting classified environments (e.g., SWAN, RDT&E, SDREN, IL5/IL6 Cloud).
• Familiarity with ACAS, SCAP, or other vulnerability management tools.
• Experience integrating RMF activities into DevSecOps or cloud environments.
• Strong written documentation and briefing skills.
Salary Description
130,000-140,000
Information Systems Solutions (ISS) is seeking a Cybersecurity Engineer with strong experience in Risk Management Framework (RMF) and Assessment & Authorization (A&A) processes to serve as the primary cybersecurity resource supporting a system Authority to Operate (ATO). This role operates independently with minimal direct supervision and is responsible for managing day-to-day RMF execution activities. The engineer will have local reach back support to a broader cybersecurity team but will function as the primary practitioner for ATO lifecycle activities.
100% onsite.
Specific duties include, but are not limited to the following:
Primary RMF / A&A Execution
• Execute RMF activities in accordance with NIST SP 800-37, DoDI 8510.01, and Navy RMF guidance.
• Develop, update, and maintain A&A documentation including System Security Plans (SSP), Security Control Traceability Matrices (SCTM), POA&Ms, and supporting artifacts.
• Manage and maintain eMASS packages through authorization and continuous monitoring phases.
• Coordinate directly with Authorizing Officials (AOs), Security Control Assessors (SCAs), ISSMs, ISSOs, and system engineers.
• Prepare systems for ATO, ATO renewal, and interim authorization milestones.
• Independently track package status, milestones, and required artifacts to ensure timely authorization.
Security Control Implementation & Validation
• Validate implementation of NIST SP 800-53 security controls.
• Support DISA STIG implementation and remediation tracking.
• Review system configurations, architecture diagrams, and data flows for security compliance.
• Analyze ACAS, SCAP, or equivalent vulnerability scan results and document corrective actions.
• Maintain accurate and actionable POA&Ms.
Continuous Monitoring & Risk Management
• Develop and maintain continuous monitoring strategies and documentation.
• Track cybersecurity posture and risk metrics for reporting to government stakeholders.
• Support impact analysis for system changes and configuration updates.
• Ensure alignment with enclave-specific requirements.
Collaboration & Advisory Support
• Provide cybersecurity guidance to system, network, and cloud engineers.
• Identify security gaps and recommend risk mitigation strategies.
• Coordinate with enterprise cybersecurity teams for policy alignment and reachback support.
• Support audit readiness and inspection activities.
Why Work For ISS?
At ISS we pride ourselves on providing an employee-focused and family first environment. Being a small business, we take the time to get to know our employees and have a vested interest in helping them achieve their career goals. We work to schedule regular social gatherings within the company to foster camaraderie. ISS values their employees by providing a comprehensive benefits package that includes a fully vested 401(k) matching program, coverage of family medical deductibles, spot bonuses, and educational assistance to further your career.
Requirements
Clearance Level:
Secret
Certification (IAM Level II)
One of the following:
CASP+
CAP
CISM
CISSP (or Associate)
GSLC
Required Skills:
• 5+ years of experience supporting RMF and A&A processes in DoD environments.
• Demonstrated experience independently managing eMASS packages.
• Strong working knowledge of NIST SP 800-53 security controls.
• Experience supporting systems through ATO authorization and renewal cycles.
• Ability to operate independently with minimal supervision while coordinating with distributed teams.
Preferred Qualifications:
• Experience supporting classified environments (e.g., SWAN, RDT&E, SDREN, IL5/IL6 Cloud).
• Familiarity with ACAS, SCAP, or other vulnerability management tools.
• Experience integrating RMF activities into DevSecOps or cloud environments.
• Strong written documentation and briefing skills.
Salary Description
130,000-140,000
group id: 10122467
