Senior Information Systems Security Engineer

ECS

Posted today

Job Requirements

Washington, DC
Top Secret Polygraph Unspecified
Career Level not specified
Salary not specified

Job Description

ECS is seeking an experienced Senior Information Systems Security Engineer to support a mission-critical federal cybersecurity program in the National Capital Region or Huntsville, Alabama. This role provides senior-level cybersecurity engineering support for Security Assessment and Authorization, Risk Management Framework execution, technical control implementation, security assessment, continuous monitoring, vulnerability remediation, audit readiness, and risk management for federal information systems.

Please Note: This position is contingent upon contract award.

The selected candidate will coordinate with system owners, ISSOs, ISSMs, engineering teams, program leadership, and authorization stakeholders to strengthen authorization package quality, reduce technical control gaps, improve evidence completeness, and support timely, defensible risk-based decisions. Depending on assignment, the ISSE3 may support division-level security engineering, resource and project coordination, or new cloud technology security activities.

Key Responsibilities include:
  • Lead and support implementation of the Security Assessment and Authorization program for assigned federal information systems.
  • Support RMF activities across the Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor phases.
  • Guide system categorization based on mission impact, classification, FIPS 199 categorization, hosting environment, technical complexity, data sensitivity, and applicable federal cybersecurity requirements.
  • Advise on the selection, tailoring, implementation, testing, and documentation of security controls aligned to system risk posture and authorization needs.
  • Develop, review, and improve RMF and SAA artifacts, including System Security Plans, control implementation descriptions, security assessment plans, security test plans, risk assessments, POA&Ms, continuous monitoring artifacts, inventories, network diagrams, data flow diagrams, and authorization packages.
  • Support security control assessments by reviewing technical and procedural controls, validating evidence, identifying gaps, documenting findings, and supporting risk-based recommendations.
  • Identify technical control gaps, assess risk, recommend remediation strategies, and coordinate corrective actions with system owners, engineers, ISSOs, and ISSMs.
  • Support vulnerability remediation activities, including scan result analysis, POA&M development, remediation tracking, control impact analysis, and response to vulnerability reporting requirements.
  • Support FISMA audit preparation, documentation quality reviews, evidence validation, audit response packages, and corrective action planning.
  • Review proposed technical changes for security impact, compliance implications, architecture alignment, vulnerability exposure, and required mitigation.
  • Support cloud-hosted, hybrid, or newly introduced technologies, including review of cloud control implementation, architecture, inherited controls, and authorization evidence, as assigned.
  • Develop or improve templates, checklists, SOPs, evidence standards, control implementation guidance, dashboards, and repeatable processes to improve quality, consistency, and efficiency.
  • Track and communicate risks, findings, remediation status, assessment progress, documentation quality, schedule concerns, and improvement opportunities to program leadership and stakeholders.
  • Mentor cybersecurity personnel and help drive complex security engineering activities to closure.
Required Skills
  • Active Top Secret clearance with SCI eligibility.
  • U.S. citizenship.
  • Minimum of 8 years of experience in secure design, analysis, and testing of information security systems and products.
  • Minimum of 8 years of experience applying cybersecurity methods, standards, and approaches to ensure baseline security safeguards are properly implemented and documented.
  • Minimum of 8 years of experience creating or updating security test plans for detecting, assessing, and mitigating risk to information systems.
  • Experience supporting RMF, Security Assessment and Authorization, ATO, continuous monitoring, security control implementation, security assessment, POA&M management, and authorization package development.
  • Strong understanding of NIST SP 800-53, NIST SP 800-53A, FIPS 199, FIPS 200, CNSS requirements, FISMA, vulnerability management, and federal cybersecurity policy.
  • Experience assessing technical security evidence and developing risk-based recommendations for decision-makers.
  • Strong written and verbal communication skills, including the ability to explain technical risks, evidence gaps, remediation options, and authorization impacts to technical and non-technical stakeholders.
  • Ability to coordinate across system owners, engineering teams, ISSOs, ISSMs, program leadership, and authorization stakeholders.
  • CISSP or CEH certification required.
Desired Skills
  • Cloud certification preferred.
  • Experience with AWS, Azure, Google Cloud, hybrid cloud environments, cloud authorization, cloud-native security services, control inheritance, and cloud security documentation.
  • Experience supporting classified federal environments, federal law enforcement systems, national security systems, intelligence systems, or high-impact mission systems.
  • Experience with GRC platforms, control inheritance, evidence reuse, dashboard reporting, workflow automation, and security documentation repositories.
  • Experience with tools such as Tenable Nessus, Security Center, Splunk, IBM Guardium, WebInspect, Nmap, or similar cybersecurity platforms.
  • Experience leading or mentoring cybersecurity teams in a high-accountability federal mission environment.
  • Experience developing reusable templates, checklists, SOPs, evidence standards, and process improvements that improve authorization quality and reduce rework.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:
  • Attracting and developing top talent and high-performing teams
  • Fostering a culture that is engaging, accountable, and mission-driven
group id: 10112231A
About Us
ECS, a key segment of ASGN Incorporated, is a trusted IT systems integrator serving government agencies. ECS provides modern digital solutions that enable fast and efficient decision making and support the effective execution of government agency operations. ECS’ leading-edge AI, cybersecurity, and open data management solutions boost collaboration, innovation, and worker productivity, improve employee and customer experiences, and protect critical agency data and assets.

Job Category
IT - Security
Clearance Level
Top Secret
Employer
ECS