(670) Senior Information Systems Security Engineer (ISSE)

Position Overview

Seeking an RMF Senior Information Systems Security Engineer (ISSE) and Subject Matter Expert to support mission-critical Office of the Undersecretary of War for Acquisition and Sustainment (OUSW (A&S)) capabilities across all phases of the Risk Management Framework (RMF) lifecycle.

This role focuses on engineering, integrating, and validating cybersecurity controls within system architectures, ensuring systems are secure by design, resilient, and aligned to mission requirements.

The ISSE will apply System Security Engineering (SSE) principles to support system design, development, integration, and sustainment, ensuring cybersecurity is embedded throughout the lifecycle—not applied post-development.

Work Location: Full-Time Onsite (Mark Center, DMV)

Clearance: Top Secret with SCI eligibility

To be successful in this position, the candidate must possess a firm understanding of statutory guidance including:

• DoDI 8500.01 (Cybersecurity)
• DoDM 8140.03 (Cyber Workforce Qualification Program)
• NIST SP 800-37 Rev. 2 (RMF)
• NIST SP 800-53 (Security Controls)
• NIST SP 800-160 (System Security Engineering)

Successful Candidates Should Be Able To:

• Engineer and Integrate Cybersecurity Controls: Design, implement, and validate technical security controls across all lifecycle phases, ensuring alignment with DoD 8500.01 and NIST 800-53.
• Apply System Security Engineering Principles: Embed security into system architectures, designs, and interfaces in accordance with NIST 800-160.
• Security Architecture Development: Define and analyze system architectures, including authorization boundaries, data flows, trust zones, and interconnections.
• Threat Modeling & Risk Engineering: Perform threat modeling, attack surface analysis, and vulnerability assessments to inform engineering decisions.
• Security Implementation & Integration: Collaborate with system engineers, developers, and architects to integrate security into system designs and DevSecOps pipelines.
• DevSecOps Enablement: Ensure integration of security tooling (SAST/DAST, IaC scanning, container security) within CI/CD pipelines.
• Technical Risk Mitigation: Translate risks into engineering solutions and implement mitigations within system design.
• Assessment Support: Support security assessments by validating control implementation and resolving technical findings.
• Continuous Monitoring Engineering: Design and implement telemetry, automation, and monitoring strategies to maintain system security posture.
• Security Documentation: Develop and maintain engineering-focused artifacts (SSP inputs, architecture diagrams, data flows, control implementations).

Job Responsibilities and/or Success Factors:

• Utilize expert knowledge of cybersecurity engineering and RMF to support major DoD programs.
• Serve as a technical cybersecurity engineering authority, ensuring systems are architected and implemented securely.
• Integrate System Security Engineering (SSE) into system lifecycle processes (design → development → deployment → sustainment).
• Collaborate with ISSMs, ISSOs, SCAs, and engineers to ensure proper implementation of security controls.
• Design and validate secure system architectures, including:
• Authorization boundaries
• Data flows
• Trust zones
• External interfaces (ISAs)
• Perform threat modeling and attack surface analysis to identify design weaknesses.
• Engineer and implement security controls within system environments, ensuring alignment with NIST 800-53.
• Support DevSecOps integration, including automation of security testing and validation.
• Validate implementation of:
• ACAS / SCAP / STIG compliance
• Secure configurations
• Encryption and key management (FIPS 140-3)
• Support Security Impact Analyses (SIA) for system changes and capability integration.
• Analyze assessment results (SARs, scan outputs) and translate findings into engineering remediation actions.
• Support Continuous Monitoring (ConMon) through:
• Telemetry integration
• Automated data collection
• Security dashboards
• Maintain engineering artifacts including:
• Architecture diagrams
• Data flow diagrams
• Interface definitions
• Control implementation evidence
• Provide technical input to support authorization decisions (AODB / AO briefings).
• Support OVL (Operation Vulcan Logic) processes and agile authorization approaches.
• Ensure systems are:
• Secure by design
• Continuously monitored
• Technically validated
• Defensible to the Authorizing Official (AO)

Enhanced ISSE-Focused Capabilities:

• Apply Zero Trust Architecture (ZTA) principles across system design and integration.
• Engineer Identity, Credential, and Access Management (ICAM) solutions.
• Design and implement secure data architectures, including encryption and data protection strategies.
• Support AI/ML system security engineering, including model integrity and data pipeline protection (as applicable).
• Develop automated security validation pipelines supporting cATO objectives.
• Integrate SBOM/AIBOM and supply chain risk management into system engineering processes.
• Support cloud security engineering aligned to FedRAMP High and DoD Cloud SRG (IL5).

Education and Minimum Qualifications

• Active Top Secret clearance with SCI eligibility
• Bachelor’s degree in computer science, engineering, cybersecurity, or related field(Master’s preferred or 10+ years equivalent experience)
• 10+ years of cybersecurity experience with a strong technical engineering focus
• Relevant certifications (one or more preferred):
• CISSP
• CASP+
• CCSP
• CISM
• Experience with:
• DoD RMF and A&A processes
• eMASS, Xacta, or similar GRC tools
• Cloud environments (AWS, Azure, Google Cloud – FedRAMP/DoD SRG)
• Strong understanding of:
• System architecture and design
• Networking and infrastructure
• DevSecOps pipelines
• Excellent communication skills, with ability to brief technical concepts to senior leadership
• Experience supporting OSD, DoD, or Military components preferred