Mar 28
Top Secret
Mid Level Career (5+ yrs experience)
Unspecified
No Traveling
IT - Security
Washingtn, DC (On-Site/Office)
Position Title: Information Systems Security Engineer (ISSE)
Security Clearance: Top Secret / SCI Eligible (verifiable in DISS)
Position Location: Washington, D.C. (five days a week on-site)
Employment Status: W2/Independent Consultant/1099 (Full-time)
Travel: No
Tentative Start Date: ASAP
Compensation/Hourly Rate: Negotiated during the final interview
Position Description:
We are seeking a highly skilled Information Systems Security Engineer (ISSE) to provide
cybersecurity support as a member of a Risk Management Framework (RMF) Team. The candidate
should possess an expert knowledge of RMF/Authority to Operate (ATO) package requirements and
eMASS.
The ISSE will support the Information System Security Manager (ISSM) and Program Manager
(PM)/Information System Owner (ISO) in developing project requirements and plans to ensure project
success, and will work collaboratively with other ISSEs/ISSOs, IT SMEs, and System Administrators to
conduct analysis/mitigation/remediation/monitoring, ensuring compliance with NIST/CNSS guidance.
The ISSE will guide efforts to obtain and maintain RMF ATO requirements within the customer’s complex
network infrastructure, spanning multiple platforms, networks and security enclaves.
Job requirements (minimum):
● RMF and A&A Support: Provide Risk Management Framework (RMF) and Assessment and
Authorization (A&A) support, including developing and maintaining systems' Authority to
Operate (ATO) package documentation. ATO documentation includes but is not limited to
Hardware/Software lists, Ports/Protocols/Services documentation, Authorization Boundary
Diagrams, Information Flow diagrams, and Standard Operating Procedures (SOPs).
● Security Assessments: Assess the current security state of compute (workstations, desktops,
servers, virtual machines) and network (switches, routers, firewalls) assets in support of the
Information System Security Manager (ISSM).
● eMASS Experience: Support all eMASS requirements including test result
generation/maintenance (monthly, quarterly, bi-annual, annual), artifact library uploads and
organization, System Security Plan (SSP) modifications, and workflow management.
● STIGs, Nessus, SCAP Requirements: Support the generation and review of Security Technical
Implementation Guide (STIG) checklists, Nessus scans, and SCAP results to effectively determine
risk.
● POA&M Development and Maintenance: Develop and maintain approved Plan of Action and
Milestone (POA&M) items via eMASS and ensure alignment with organizational requirements.
● Vulnerability Management: Ensure traceability of all vulnerabilities from raw assessment results
to approved POA&M items. Additionally, the candidate must possess the ability to review all
technical and procedural artifacts to ensure accuracy and data consistency.
● Risk Analysis and Remediation: Conduct vulnerability and risk analysis in support of residual risk
determination.
, ● Continuous Monitoring: Develop and support the continuous monitoring requirements via the
Information System Continuous Monitoring (ISCM) plan.
● Ability to work effectively independently as well as within a team environment. Must develop
and manage Information Security policies, procedures, and methodologies in accordance with
Federal Information Security Management Act (FISMA), DoD Regulations, NIST Special
Publications, other Federal laws and regulations, and direction from leadership.
Required Qualifications:
● Top Secret Clearance (verifiable in DISS)
● BA/BS college degree
● DOD 8570/8140 IAM II
Desired Qualifications:
● Five (5) years or more of documented/relevant experience working in information systems
management/network security/RMF/ATO support
● Experience following NIST special publications and CNSS guidance
● Experience reviewing ACAS/Nessus/SCAP scan results effectively (accuracy, content, traceability)
● Experience reviewing STIG/SRG checklists in support of various technologies
● Moderate understanding of Windows, Linux, VMware platforms
● Expert-level experience using eMASS
Security Clearance: Top Secret / SCI Eligible (verifiable in DISS)
Position Location: Washington, D.C. (five days a week on-site)
Employment Status: W2/Independent Consultant/1099 (Full-time)
Travel: No
Tentative Start Date: ASAP
Compensation/Hourly Rate: Negotiated during the final interview
Position Description:
We are seeking a highly skilled Information Systems Security Engineer (ISSE) to provide
cybersecurity support as a member of a Risk Management Framework (RMF) Team. The candidate
should possess an expert knowledge of RMF/Authority to Operate (ATO) package requirements and
eMASS.
The ISSE will support the Information System Security Manager (ISSM) and Program Manager
(PM)/Information System Owner (ISO) in developing project requirements and plans to ensure project
success, and will work collaboratively with other ISSEs/ISSOs, IT SMEs, and System Administrators to
conduct analysis/mitigation/remediation/monitoring, ensuring compliance with NIST/CNSS guidance.
The ISSE will guide efforts to obtain and maintain RMF ATO requirements within the customer’s complex
network infrastructure, spanning multiple platforms, networks and security enclaves.
Job requirements (minimum):
● RMF and A&A Support: Provide Risk Management Framework (RMF) and Assessment and
Authorization (A&A) support, including developing and maintaining systems' Authority to
Operate (ATO) package documentation. ATO documentation includes but is not limited to
Hardware/Software lists, Ports/Protocols/Services documentation, Authorization Boundary
Diagrams, Information Flow diagrams, and Standard Operating Procedures (SOPs).
● Security Assessments: Assess the current security state of compute (workstations, desktops,
servers, virtual machines) and network (switches, routers, firewalls) assets in support of the
Information System Security Manager (ISSM).
● eMASS Experience: Support all eMASS requirements including test result
generation/maintenance (monthly, quarterly, bi-annual, annual), artifact library uploads and
organization, System Security Plan (SSP) modifications, and workflow management.
● STIGs, Nessus, SCAP Requirements: Support the generation and review of Security Technical
Implementation Guide (STIG) checklists, Nessus scans, and SCAP results to effectively determine
risk.
● POA&M Development and Maintenance: Develop and maintain approved Plan of Action and
Milestone (POA&M) items via eMASS and ensure alignment with organizational requirements.
● Vulnerability Management: Ensure traceability of all vulnerabilities from raw assessment results
to approved POA&M items. Additionally, the candidate must possess the ability to review all
technical and procedural artifacts to ensure accuracy and data consistency.
● Risk Analysis and Remediation: Conduct vulnerability and risk analysis in support of residual risk
determination.
, ● Continuous Monitoring: Develop and support the continuous monitoring requirements via the
Information System Continuous Monitoring (ISCM) plan.
● Ability to work effectively independently as well as within a team environment. Must develop
and manage Information Security policies, procedures, and methodologies in accordance with
Federal Information Security Management Act (FISMA), DoD Regulations, NIST Special
Publications, other Federal laws and regulations, and direction from leadership.
Required Qualifications:
● Top Secret Clearance (verifiable in DISS)
● BA/BS college degree
● DOD 8570/8140 IAM II
Desired Qualifications:
● Five (5) years or more of documented/relevant experience working in information systems
management/network security/RMF/ATO support
● Experience following NIST special publications and CNSS guidance
● Experience reviewing ACAS/Nessus/SCAP scan results effectively (accuracy, content, traceability)
● Experience reviewing STIG/SRG checklists in support of various technologies
● Moderate understanding of Windows, Linux, VMware platforms
● Expert-level experience using eMASS
group id: 91159842
