Information System Security Engineer (ISSE)
Job Description
Salary: $83,000 - $115,000 yearly
Position Overview:
We are seeking an Information System Security Engineer to develop and maintain cybersecurity architecture and support RMF activities for systems within a Navy environment. This role supports the implementation of security controls, cybersecurity testing, vulnerability risk analysis, RMF documentation, and authorization activities for assigned systems, programs, or enclaves.
Responsibilities:
- Develop and maintain cybersecurity solutions for assigned systems, programs, or enclaves.
- Identify system authorization requirements, including Authorizing Official and Security Control Assessor cognizance, reciprocity considerations, cross-domain requirements, and applicable overlays.
- Identify, tailor, and document the security control baseline based on system categorization and applicable requirements.
- Develop, maintain, and track System Security Plans and related RMF artifacts.
- Lead or support security control implementation and testing activities.
- Plan and perform cybersecurity testing to assess security controls and document compliance status.
- Execute approved Security Assessment Plans and support testing required for Assessment and Authorization or annual reviews.
- Perform vulnerability-level risk analysis on deficiencies identified during RMF testing.
- Support POA&M and Corrective Action Plan development, tracking, mitigation, and closure.
- Ensure vulnerabilities are traceable from raw assessment results to POA&M entries.
- Ensure eMASS records, POA&M entries, and RMF artifacts are accurate and consistent with implementation results.
- Support preparation of Security Assessment Reports, executive summaries, and related assessment documentation.
- Use eMASS workflow and collaboration functions to support formal coordination during the RMF process.
- Document requested rework and provide updates to program management, cybersecurity leadership, and system stakeholders.
- Participate in the system engineering process to ensure cybersecurity requirements, design considerations, and testing needs are addressed throughout the system lifecycle.
- Perform other related duties as assigned to support evolving customer and company needs.
Clearance Level:
- Current or ability to obtain a Department of Defense (DoD) Secret Clearance is required. Note: To obtain a security clearance, you must be a U.S. citizen and meet the 13 adjudicative guidelines.
Required Qualifications:
- 3 or more years of experience supporting cybersecurity engineering, information assurance, RMF, systems security, or related technical activities.
- At least 2 years of experience supporting RMF Assessment and Authorization activities.
- Experience documenting RMF requirements and supporting RMF package development, review, and submission.
- Experience supporting RMF testing, security control assessment, and analysis needed to complete authorization documentation.
- Experience performing vulnerability risk analysis on deficiencies identified during RMF testing or security assessments.
- Experience with IA tools and vulnerability scanners used to evaluate the security posture of systems or enclaves.
- Experience supporting POA&M development, tracking, remediation, and closure activities.
- Experience with eMASS or similar tools used to document RMF status, artifacts, findings, and workflows.
- Knowledge of DoD and Navy RMF requirements, cybersecurity policy, and security control implementation.
- Ability to provide RMF authorization experience details, including the total number of RMF authorizations supported, as required.
- Ability to communicate cybersecurity risks, findings, and status clearly to technical teams, program stakeholders, and leadership.
- Current or ability to obtain one of the following certifications within two weeks of the start date:
- Certified Chief Information Security Officer (CCISO)
- Certified Cloud Security Professional (CCSP)
- Certified in Governance Risk and Compliance (CGRC)
- Certified Information Systems Security Officer (C)ISSO-A)
- CompTIA Cloud+
- CompTIA Security+
- CompTIA SecurityX (formerly CASP+)
- GIAC Cloud Security Automation (GCSA)
- GIAC Continuous Monitoring Certification (GMON)
- GIAC Security Essentials Certification (GSEC)
- Systems Security Certified Practitioner (SSCP)
Preferred Qualifications:
- Experience supporting Department of the Navy or other DoD cybersecurity environments.
- Experience using and complying with the Navy RMF Process Guide and applicable RMF business rules.
- Experience concurrently supporting multiple RMF packages.
- Experience supporting cybersecurity testing during system sustainment, annual reviews, or authorization renewals.
- Experience working with ISSOs, ISSMs, Security Control Assessors, Authorizing Officials, system owners, and program management teams.
Creating an Environment of Respect and Opportunity:
At JMA Resources, we value the many paths people take to develop their skills and expertise, and we welcome candidates from all backgrounds. Your qualifications may come from a variety of experiences, including formal education, certifications, professional development, mentorship, hands-on work, or a unique combination of these. We encourage you to share the distinctive journey that has prepared you for this role during your interviews.
Location & Commitments:
- Position: Full Time
- Work Arrangement:
- Hybrid On-site for a week each quarter at our client site in Mechanicsburg, Pennsylvania.
- Travel Requirements: Travel is required.
- Location Preference: Must reside within a 6-hour drive of Mechanicsburg, Pennsylvania, due to client requirements.
- Work Hours: A typical workday consists of eight hours, totaling a forty-hour workweek. We understand that there may be times when employees will need to adjust their work hours due to client needs or personal reasons. To help balance these demands, we offer some flexibility in work schedules.
What We Offer:
- Competitive salary and discretionary bonuses.
- Comprehensive health benefits, including medical, dental, and vision insurance.
- Flexible Paid Time Off (PTO) and holidays to help you maintain a healthy work-life balance.
- Opportunities for professional development and continued learning.
- Hybrid/remote work arrangement with flexible hours.
- 401(k) retirement plan with company match.
- Employee recognition programs and company events.
JMA Resources is an equal opportunity employer committed to achieving a workforce with an environment free of discrimination and harassment. All aspects of employment, including recruitment, hiring, promotions, transfers, discipline, terminations, wage and salary administration, benefits, and training, are based on business needs, job requirements, and individual qualifications, without regard to race, age, color, physical or mental disability, religion, gender, sexual orientation, gender identity/expression, marital status, national origin, political affiliation or protected veteran status.
At JMA Resources, we are dedicated to fostering an inclusive environment for all qualified individuals. We provide reasonable accommodations to persons with disabilities to ensure equal access throughout the application and hiring process. If you need assistance or require an accommodation, please reach out to Amy Foy, VP of Employee Experience, at afoy@jmares.com.
JMA Resources participates in E-Verify to confirm the identity and employment eligibility of all newly hired employees.
