Current Job Opportunities: 

Information Systems Security Engineer (ISSE)

Job Description

The ideal candidate for this ISSE position will be a Risk Management Framework (RMF) Subject Matter Expert with an IAM Level I, II, or III certification and an active DoD Secret clearance. The candidate should have strong working knowledge of and experience with eMASS, HP WebInspect, AppDetective, and Fortify (or equivalent tools).

The ISSE will work with a team of Senior Cyber Security Specialists to provide expert consultation across a wide range of cross-functional areas of Cyber Security in support of this Department of Defense, Defense Health Agency (DoD/DHA) mission. The ISSE will provide project planning, guidance and technical expertise in the following areas: Cyber Security engineering program, policy, process, and planning; risk management, auditing, and assessments; Assessment and Authorization (A&A) using the NIST Risk Management Framework (RMF) guidelines; and quality control.


Minimum Qualifications:

  • United States Citizen that holds an Active DoD Secret Clearance

  • Verifiable IAM Certification (CISSP, CISM, or GSLC) 

  • Three (3) years of RMF experience

  • Six (6) years of demonstrated Cyber Security experience

Knowledge, Skills, and Abilities:

  • Working knowledge of current NIST Federal Information Processing Standards (FIPS) and Special Publications (SP): SP 800-18, SP 800-37, SP 800-53, SP 800-53A, SP 800-60, FIPS 199, FIPS 201 and FIPS 140-2, other relevant policies, and their application to enterprise IT security.

  • Ability to plan, organize, and direct long range studies

  • Strong interpersonal and communication skills

Hands-on experience using the following Cyber Security assessment tools and guidance:

  • HP WebInspect

  • AppDetective

  • Fortify

  • eMASS

  • DISA Security Requirements Guides (SRGs)

  • DISA Security Technical Implementation Guides (STIGs)



Use industry best practices in cyber security and security engineering related to vulnerability management and intrusion detection. Assist with the development and maintenance of Operational Level Agreements (OLAs) and end-to-end Standard Operating Procedures (SOPs), identify collaborative responsibilities, and support process interaction with other Government and contractor IT groups.

Develop and maintain a detailed policy matrix mapping Federal and local policies to the required security controls identified in National Institute of Standards and Technology (NIST) SP 800-53. Documents include, but are not limited to, Standard Operating Procedures (SOPs) and agency training materials (e.g., cyber awareness, computer incidents, malicious code).

Advise system owners on all matters, technical and otherwise, involving the security of assigned IT systems. Perform continuous monitoring of security controls to ensure that they remain correctly implemented, operate as intended, and produce the desired outcome with respect to the cyber security requirements of assigned IT systems. Work with technical teams to mitigate security control deficiencies for assigned IT systems. Assess the cyber security impact of changes to assigned IT systems. Conduct self-assessments of security controls, identify weaknesses, and track remediation activities in the Plan of Action and Milestones (POA&M).

Conduct technical vulnerability assessments, and prioritize and track remediation efforts. Provide the required system access, information, and documentation to security assessment and audit teams. Participate in security assessments and audits for assigned systems and facilitate the collection of evidence for data requests. Complete required Assessment and Authorization (A&A) activities on assigned IT systems. Assist federal staff in assessing new applications, identifying applicable NIST SP 800-37 RMF requirements, and advising system owners on the process.

Develop, update and maintain the System Security Plan (SSP) for assigned systems to include:

  • Federal Information Processing Standard (FIPS) information types and security categorization

  • Interconnection Security Agreements

  • Plan of Action & Milestones (POA&M) and Privacy Impact Assessments (PIA)

  • Risk Assessments and Continuous Monitoring Plan

  • Configuration Management Plan, Contingency Plan and Contingency Plan tests

  • Incident Response Plans and Incident Response Plan tests

  • Security control baselines and Security control inheritance

  • Security Impact Analyses, Business Impact Analyses, and SSP implementation statements

  • Technical description and system description narratives


Job Type: Full-time

Resumes and requests for additional information can be sent to