5 days ago
Information Systems Security Engineer
Arlington, VA
$100,200-$203,400 / year
Full-time | Mid | Hybrid | Defense & National Security
Description
You will support cybersecurity authorization and assessment activities for classified information systems in accordance with the Risk Management Framework (RMF). This role involves reviewing and validating RMF authorization body of evidence, performing technical compliance analysis, inspecting security control implementations, and supporting incident response activities. You will ensure systems comply with federal IA directives, protect data across all classification levels, and meet required security design, control, and documentation standards.
Requirements
- DoD 8570 IAT Level II or higher (e.g., Security+, CISSP, CASP)
- 4 years of experience implementing NIST 800‑53 Rev. 4 and supporting full RMF lifecycle activities
- 4 years’ experience with Windows and/or Linux operating environments
- 4 years’ experience with virtualization or cloud environments (AWS preferred)
- 2 years’ experience working with information security and IA practices/principles
- Experience with tools such as: MS Active Directory, Splunk, ACAS/Nessus, Windows/Linux OS, AWS Security tools
Responsibilities
- Review and assess RMF authorization packages and body of evidence
- Review new and existing systems for technical compliance with IA directives and ensure protection of classified data
- Advise on in‑depth security design reviews, threat assessments, and risk assessments
- Provide inputs to technical artifacts including POA&Ms, SCTMs, and Risk Assessment Reports (RARs)
- Conduct site visits and security assessments to inspect security control implementations
- Support Incident Response Team (IRT) activities and assist with incident analysis and reporting
- Apply RMF knowledge to ensure security controls meet NIST 800‑53 requirements and RMF process expectations
- Coordinate with government stakeholders, system owners, and engineering teams to ensure RMF compliance
- Communicate technical concepts clearly to both technical and semi‑technical audiences, including government personnel
- Work within a matrixed environment, supporting multiple efforts and priorities
- Perform research and remain current with evolving security threats, technologies, and compliance requirements