Cybersecurity Engineer – RMF / A&A at INFORMATION SYSTEMS SOLUTIONS, INC
San Diego, California, United States
Full Time


Start Date

Immediate

Expiry Date

31 May, 26

Salary

140000.0

Posted On

02 Mar, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Risk Management Framework, Assessment & Authorization, NIST SP 800-37, DoDI 8510.01, Navy RMF Guidance, System Security Plans, Security Control Traceability Matrices, POA&Ms, eMASS, Authorizing Officials, Security Control Assessors, NIST SP 800-53, DISA STIG, ACAS, SCAP, Vulnerability Scan Results

Industry

IT Services and IT Consulting

Description
Information Systems Solutions (ISS) is seeking a Cybersecurity Engineer with strong experience in Risk Management Framework (RMF) and Assessment & Authorization (A&A) processes to serve as the primary cybersecurity resource supporting a system Authority to Operate (ATO). This role operates independently with minimal direct supervision and is responsible for managing day-to-day RMF execution activities. The engineer will have local reach back support to a broader cybersecurity team but will function as the primary practitioner for ATO lifecycle activities. 100% onsite.

Specific duties include, but are not limited to the following:

Primary RMF / A&A Execution
• Execute RMF activities in accordance with NIST SP 800-37, DoDI 8510.01, and Navy RMF guidance.
• Develop, update, and maintain A&A documentation including System Security Plans (SSP), Security Control Traceability Matrices (SCTM), POA&Ms, and supporting artifacts.
• Manage and maintain eMASS packages through authorization and continuous monitoring phases.
• Coordinate directly with Authorizing Officials (AOs), Security Control Assessors (SCAs), ISSMs, ISSOs, and system engineers.
• Prepare systems for ATO, ATO renewal, and interim authorization milestones.
• Independently track package status, milestones, and required artifacts to ensure timely authorization.

Security Control Implementation & Validation
• Validate implementation of NIST SP 800-53 security controls.
• Support DISA STIG implementation and remediation tracking.
• Review system configurations, architecture diagrams, and data flows for security compliance.
• Analyze ACAS, SCAP, or equivalent vulnerability scan results and document corrective actions.
• Maintain accurate and actionable POA&Ms.

Continuous Monitoring & Risk Management
• Develop and maintain continuous monitoring strategies and documentation.
• Track cybersecurity posture and risk metrics for reporting to government stakeholders.
• Support impact analysis for system changes and configuration updates.
• Ensure alignment with enclave-specific requirements.

Collaboration & Advisory Support
• Provide cybersecurity guidance to system, network, and cloud engineers.
• Identify security gaps and recommend risk mitigation strategies.
• Coordinate with enterprise cybersecurity teams for policy alignment and reachback support.
• Support audit readiness and inspection activities.

Why Work For ISS?
At ISS we pride ourselves on providing an employee-focused and family first environment. Being a small business, we take the time to get to know our employees and have a vested interest in helping them achieve their career goals. We work to schedule regular social gatherings within the company to foster camaraderie. ISS values their employees by providing a comprehensive benefits package that includes a fully vested 401(k) matching program, coverage of family medical deductibles, spot bonuses, and educational assistance to further your career.

Requirements
Clearance Level: Secret
Certification (IAM Level II): One of the following:
• CASP+
• CAP
• CISM
• CISSP (or Associate)
• GSLC

Required Skills:
• 5+ years of experience supporting RMF and A&A processes in DoD environments.
• Demonstrated experience independently managing eMASS packages.
• Strong working knowledge of NIST SP 800-53 security controls.
• Experience supporting systems through ATO authorization and renewal cycles.
• Ability to operate independently with minimal supervision while coordinating with distributed teams.

Preferred Qualifications:
• Experience supporting classified environments (e.g., SWAN, RDT&E, SDREN, IL5/IL6 Cloud).
• Familiarity with ACAS, SCAP, or other vulnerability management tools.
• Experience integrating RMF activities into DevSecOps or cloud environments.
• Strong written documentation and briefing skills.
Responsibilities
The engineer will execute Risk Management Framework (RMF) activities following NIST SP 800-37 and Navy guidance, manage day-to-day execution, and develop and maintain critical Assessment & Authorization (A&A) documentation such as SSPs and POA&Ms within eMASS.