Serve as the primary technical authority for the security and resilience of mission-critical systems.
Integrate security engineering principles into every phase of the Software Development Life Cycle to design and maintain secure architectures.
Collaborate with software developers, systems engineers, and government stakeholders to navigate the Risk Management Framework (RMF) lifecycle and maintain Authority to Operate (ATO) for complex cloud and on-premise environments.
Lead the end-to-end Risk Management Framework (RMF) process, managing NIST 800-53/171 control sets and coordinating with cybersecurity entities (SCA/DAO).
Drive 'security by design' by reviewing technical change requests, evaluating new technologies, and providing security oversight for cloud-based platforms (AWS/Azure).
Conduct system inspections and vulnerability assessments to manage POA&Ms, prioritize system patching, and ensure robust disaster recovery and contingency planning.
Establish continuous monitoring protocols to track security posture, enforce cybersecurity policies, and brief complex technical risks to senior stakeholders.
Requirements
Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, Engineering, or a related field.
Minimum of 5 years of progressive experience in Cybersecurity, Information Assurance, or related background.
Active TS/SCI clearance.
DoD 8570 IAT Level II Compliance (e.g., Security+, CCNA Security, or CySA+).
Full RMF Lifecycle Mastery: Deep experience navigating the Risk Management Framework (NIST 800-37) to secure and maintain Authority to Operate (ATO).
Expert knowledge of NIST 800-53 and 800-171 control sets.
Ability to author cybersecurity policies, manage POA&Ms, and develop Contingency/Disaster Recovery plans.
Experience reviewing system changes for security impact and collaborating with dev teams to integrate new technologies securely.
Proficiency in conducting security inspections, audits, and vulnerability analysis.