Qureos


Cybersecurity Engineer – RMF / A&A

Description:


Information Systems Solutions (ISS) is seeking a Cybersecurity Engineer with strong experience in Risk Management Framework (RMF) and Assessment & Authorization (A&A) processes to serve as the primary cybersecurity resource supporting a system Authority to Operate (ATO). This role operates independently with minimal direct supervision and is responsible for managing day-to-day RMF execution activities. The engineer will have local reachback support from a broader cybersecurity team but will function as the primary practitioner for ATO lifecycle activities.

100% onsite.

Specific duties include, but are not limited to, the following:

Primary RMF / A&A Execution

  • Execute RMF activities in accordance with NIST SP 800-37, DoDI 8510.01, and Navy RMF guidance.
  • Develop, update, and maintain A&A documentation including System Security Plans (SSP), Security Control Traceability Matrices (SCTM), POA&Ms, and supporting artifacts.
  • Manage and maintain eMASS packages through authorization and continuous monitoring phases.
  • Coordinate directly with Authorizing Officials (AOs), Security Control Assessors (SCAs), ISSMs, ISSOs, and system engineers.
  • Prepare systems for ATO, ATO renewal, and interim authorization milestones.
  • Independently track package status, milestones, and required artifacts to ensure timely authorization.

Security Control Implementation & Validation

  • Validate implementation of NIST SP 800-53 security controls.
  • Support DISA STIG implementation and remediation tracking.
  • Review system configurations, architecture diagrams, and data flows for security compliance.
  • Analyze ACAS, SCAP, or equivalent vulnerability scan results and document corrective actions.
  • Maintain accurate and actionable POA&Ms.

Continuous Monitoring & Risk Management

  • Develop and maintain continuous monitoring strategies and documentation.
  • Track cybersecurity posture and risk metrics for reporting to government stakeholders.
  • Support impact analysis for system changes and configuration updates.
  • Ensure alignment with enclave-specific requirements.

Collaboration & Advisory Support

  • Provide cybersecurity guidance to system, network, and cloud engineers.
  • Identify security gaps and recommend risk mitigation strategies.
  • Coordinate with enterprise cybersecurity teams for policy alignment and reachback support.
  • Support audit readiness and inspection activities.

Why Work For ISS?

At ISS, we pride ourselves on providing an employee-focused and family-first environment. Being a small business, we take the time to get to know our employees and have a vested interest in helping them achieve their career goals. We work to schedule regular social gatherings within the company to foster camaraderie. ISS values its employees by providing a comprehensive benefits package that includes a fully vested 401(k) matching program, coverage of family medical deductibles, spot bonuses, and educational assistance to further your career.

Requirements:

Clearance Level:

Secret

Certification (IAM Level II)

One of the following:

  • CASP+
  • CAP
  • CISM
  • CISSP (or Associate)
  • GSLC

Required Skills:

  • 5+ years of experience supporting RMF and A&A processes in DoD environments.
  • Demonstrated experience independently managing eMASS packages.
  • Strong working knowledge of NIST SP 800-53 security controls.
  • Experience supporting systems through ATO authorization and renewal cycles.
  • Ability to operate independently with minimal supervision while coordinating with distributed teams.

Preferred Qualifications:

  • Experience supporting classified environments (e.g., SWAN, RDT&E, SDREN, IL5/IL6 Cloud).
  • Familiarity with ACAS, SCAP, or other vulnerability management tools.
  • Experience integrating RMF activities into DevSecOps or cloud environments.
  • Strong written documentation and briefing skills.
