Cybersecurity Engineer III

Description

Information Systems Solutions (ISS) is seeking a Cybersecurity Engineer III to support the NIWC PAC Information Technology Management Support Services contract. This role maintains cybersecurity monitoring operations, performs triage to assess the scope and impact of incidents, identifies vulnerabilities, and recommends remediation strategies. The role requires in-depth knowledge of the Risk Management Framework.

This role is 100% onsite.

Key Responsibilities:

• Test and apply security controls based on security categorization, the application of overlays (privacy, classified, intel, etc.) and security control tailoring (AI, NOFORN, etc.).
• Conduct active and passive reconnaissance of data, with the ability to assess and author Plans of Milestones and Actions (POA&Ms) containing accurate and verifiable mitigation statements, milestone tracking, and mapping to the most relevant security controls.
• Develop comprehensive A&A documentation, including System Security Plans (SSP), Security Assessment Plans (SAP), Security Assessment Reports (SARs), and related artifacts.
• Adhere to eMASS scheduled tasking within the accreditation cycle, including Quarterly Independent Verification and Validation (IV&V), quarterly STIG checks, Annual Security Review (ASR), monthly POA&M updates, and resubmissions for ATO, ATC, IATC, and IATT as applicable.
• Maintain DISA circuit connections (CCSDs), inheritance from accredited systems and service providers, and accreditation workflow schedules.

Vulnerability Management & Daily Cyber Operations:

• Execute daily vulnerability management activities, including responding to and taking action on TASKORDs (Cyber Tasking Orders / Directives).
• Perform VRAM (Vulnerability Remediation Asset Manager) operations, including scan cleanup, validation of scan integrity, and investigation of scan results.
• Manage and improve CMRS (Cybersecurity Metrics Reporting System) scores, including remediation actions tied to STIG compliance and IAVA reporting.
• Review and assess risk reports within ceDAR, ensuring accurate risk identification, prioritization, and mitigation tracking.
• Analyze vulnerabilities using industry-standard identifiers such as CVEs (Common Vulnerabilities and Exposures) and IAVMs (Information Assurance Vulnerability Management alerts).
• Utilize endpoint security tools such as Microsoft Defender for Endpoint (MDE) (transitioning from Trellix) to support detection, response, and remediation efforts.
• Ensure data accuracy across vulnerability management platforms and maintain audit-ready records for compliance and reporting.

Why Work For ISS?

At ISS we pride ourselves on providing an employee-focused and family first environment. Being a small business, we take the time to get to know our employees and have a vested interest in helping them achieve their career goals. We work to schedule regular social gatherings within the company to foster camaraderie. ISS values their employees by providing a comprehensive benefits package that includes a fully vested 401(k) matching program, coverage of family medical deductibles, spot bonuses, and educational assistance to further your career.

Requirements

Clearance Level:

Secret

Certification IAT III

One of the following:

CASP+

CCNP Security

CISA

CISSP (or Associate)

GCED

GCIH

Required Qualifications:

• 10+ years of experience in cybersecurity, vulnerability management, or incident response.
• Strong working knowledge of DoD cybersecurity processes, including TASKORDs, IAVMs, STIGs, and RMF.

Skills & Competencies:

• Cybersecurity Monitoring and Incident Response
• Vulnerability Management and Remediation
• Security Testing, Auditing, and Compliance (STIG, IAVA)
• Data Analytics and Risk Assessment
• Proficiency with IT Security Tools and Endpoint Protection Platforms
• Strong analytical, investigative, and problem-solving skills

Salary Description

130,000-140,000