Cybersecurity Engineer (Isso)-Hybrid

Job Title: Cybersecurity Engineer (ISSO)

Location: Hybrid (At an APPROVED SIPR facility)

Clearance: Secret (Required)

Employment Type: Full-Time

Job Description

OTS is seeking a Cybersecurity Engineer (ISSO) to support security assessments, vulnerability tracking, and compliance enforcement for GFM-DI. This role serves as the cybersecurity technical advisor and support to the ISSM, interfacing with the AO, ISO, SCA, and mission stakeholders. The hybrid position allows remote flexibility but requires periodic on-site presence at an approved SIPR facility.

Responsibilities

RMF & Authorization Support

• Assist the ISSM in maintaining all RMF/C&A artifacts using eMASS or AF-authorized tools, including SSP narratives, control implementation statements, and continuous monitoring evidence.
• Support RMF implementation in accordance with DoDI 8510.01 and AFI 17-101, ensuring alignment to NIST 800-53 Rev. 5.

Vulnerability Management

• Execute vulnerability scanning and tracking using ACAS/Tenable, Checkmarx, SonarQube, and Dependency-Track; validate remediation evidence and ensure closure through retesting.
• Maintain POA&M accuracy and timelines, ensuring vulnerabilities are risk-ranked, assigned, tracked, and closed with defensible evidence.
• Support STIG implementation and IAVM compliance tracking.

Compliance & Annual Assessments

• Assist in conducting annual security control testing, system evaluations, and continuous monitoring actions.
• Prepare and maintain documentation required to support the annual FISMA assessment, including evidence collection and control effectiveness validation.

DevSecOps & Agile Integration

• Integrate security requirements into Agile/DevSecOps workflows using Jira and Confluence for traceability, evidence management, and sprint-level accountability.
• Integrate security automation into CI/CD pipelines and container security processes.

Documentation & Change Control

• Review and provide input to system documentation containing security-related content (architecture changes, boundary updates, interfaces, operational procedures)
• Support System Impact Analysis (SIA) and change control activities (CCB governance).

Required Qualifications

• Bachelor's degree in Cybersecurity, IT, or related field OR equivalent experience.
• IAM Level II Certification (CAP, CASP+, CISM, or equivalent).
• 10+ years of experience in cybersecurity operations.
• Hands-on experience implementing and documenting NIST 800-53 Rev. 5 controls in a DoD/Federal RMF environment.
• Experience supporting RMF workflows and documentation in eMASS or AF-approved tools.
• Experience with vulnerability scanning and remediation tracking using ACAS/Tenable.

Preferred Qualifications

• Experience tracking STIG compliance, POA&M management, and remediation evidence validation.
• Proficiency using Jira and Confluence to manage security workflows, audit evidence, and remediation traceability.
• Familiarity with Cloud One security tools and DevSecOps security automation.
• Experience conducting or supporting tabletop exercises (IR/CP validation) and documenting corrective actions.
• Experience with System Impact Analysis (SIA) and change control support (CCB governance).

Work Environment

Office environment. Requires ability to provide clear, concise, accurate and timely communication, both verbally and in writing (100%). Requires ability to interact professionally with co-workers, management, and client (100%). Occasional business travel may be required. Only requested and approved expenses will be covered by OTS.

EEO Statement

OTS is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action-Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or protected veteran status. U.S. Citizenship is required for most positions.