Information Systems Security Engineer

Position Title: Information Systems Security Engineer (ISSE)
Security Clearance: Top Secret / SCI Eligible (verifiable in DISS)
Position Location: Washington, D.C. (five days a week on-site)
Employment Status: W2/Independent Consultant/1099 (Full-time)
Travel: No
Tentative Start Date: ASAP
Compensation/Hourly Rate: Negotiated during the final interview Position Description: We are seeking a highly skilled Information Systems Security Engineer (ISSE) to provide
cybersecurity support as a member of a Risk Management Framework (RMF) Team. The candidate
should possess an expert knowledge of RMF/Authority to Operate (ATO) package requirements and
eMASS. The ISSE will support the Information System Security Manager (ISSM) and Program Manager
(PM)/Information System Owner (ISO) in developing project requirements and plans to ensure project
success, and will work collaboratively with other ISSEs/ISSOs, IT SMEs, and System Administrators to
conduct analysis/mitigation/remediation/monitoring, ensuring compliance with NIST/CNSS guidance. The ISSE will guide efforts to obtain and maintain RMF ATO requirements within the customer's complex
network infrastructure, spanning multiple platforms, networks and security enclaves. Job requirements (minimum): RMF and A&A Support: Provide Risk Management Framework (RMF) and Assessment and Authorization (A&A) support, including developing and maintaining systems' Authority to Operate (ATO) package documentation. ATO documentation includes but is not limited to Hardware/Software lists, Ports/Protocols/Services documentation, Authorization Boundary Diagrams, Information Flow diagrams, and Standard Operating Procedures (SOPs). Security Assessments: Assess the current security state of compute (workstations, desktops, servers, virtual machines) and network (switches, routers, firewalls) assets in support of the Information System Security Manager (ISSM). eMASS Experience: Support all eMASS requirements including test result generation/maintenance (monthly, quarterly, bi-annual, annual), artifact library uploads and organization, System Security Plan (SSP) modifications, and workflow management. STIGs, Nessus, SCAP Requirements: Support the generation and review of Security Technical Implementation Guide (STIG) checklists, Nessus scans, and SCAP results to effectively determine risk. POA&M Development and Maintenance: Develop and maintain approved Plan of Action and Milestone (POA&M) items via eMASS and ensure alignment with organizational requirements. Vulnerability Management: Ensure traceability of all vulnerabilities from raw assessment results to approved POA&M items. Additionally, the candidate must possess the ability to review all technical and procedural artifacts to ensure accuracy and data consistency. Risk Analysis and Remediation: Conduct vulnerability and risk analysis in support of residual risk determination. , Continuous Monitoring: Develop and support the continuous monitoring requirements via the Information System Continuous Monitoring (ISCM) plan. Ability to work effectively independently as well as within a team environment. Must develop and manage Information Security policies, procedures, and methodologies in accordance with Federal Information Security Management Act (FISMA), DoD Regulations, NIST Special Publications, other Federal laws and regulations, and direction from leadership. Required Qualifications: Top Secret Clearance (verifiable in DISS) BA/BS college degree DOD 8570/8140 IAM II Desired Qualifications: Five (5) years or more of documented/relevant experience working in information systems management/network security/RMF/ATO support Experience following NIST special publications and CNSS guidance Experience reviewing ACAS/Nessus/SCAP scan results effectively (accuracy, content, traceability) Experience reviewing STIG/SRG checklists in support of various technologies Moderate understanding of Windows, Linux, VMware platforms Expert-level experience using eMASS