Cybersecurity Engineer – RMF / A&A

INFORMATION SYSTEMS SOLUTIONS, INC
San Diego, CA
Onsite

About The Position

Information Systems Solutions (ISS) is seeking a Cybersecurity Engineer with strong experience in Risk Management Framework (RMF) and Assessment & Authorization (A&A) processes to serve as the primary cybersecurity resource supporting a system Authority to Operate (ATO). This role operates independently with minimal direct supervision and is responsible for managing day-to-day RMF execution activities. The engineer will have local reachback support from a broader cybersecurity team but will function as the primary practitioner for ATO lifecycle activities. 100% onsite.

Requirements

  • Secret Clearance Level
  • Certification (IAM Level II)
  • One of the following: CASP+, CAP, CISM, CISSP (or Associate), GSLC
  • 5+ years of experience supporting RMF and A&A processes in DoD environments.
  • Demonstrated experience independently managing eMASS packages.
  • Strong working knowledge of NIST SP 800-53 security controls.
  • Experience supporting systems through ATO authorization and renewal cycles.
  • Ability to operate independently with minimal supervision while coordinating with distributed teams.

Nice To Haves

  • Experience supporting classified environments (e.g., SWAN, RDT&E, SDREN, IL5/IL6 Cloud).
  • Familiarity with ACAS, SCAP, or other vulnerability management tools.
  • Experience integrating RMF activities into DevSecOps or cloud environments.
  • Strong written documentation and briefing skills.

Responsibilities

  • Execute RMF activities in accordance with NIST SP 800-37, DoDI 8510.01, and Navy RMF guidance.
  • Develop, update, and maintain A&A documentation including System Security Plans (SSP), Security Control Traceability Matrices (SCTM), POA&Ms, and supporting artifacts.
  • Manage and maintain eMASS packages through authorization and continuous monitoring phases.
  • Coordinate directly with Authorizing Officials (AOs), Security Control Assessors (SCAs), ISSMs, ISSOs, and system engineers.
  • Prepare systems for ATO, ATO renewal, and interim authorization milestones.
  • Independently track package status, milestones, and required artifacts to ensure timely authorization.
  • Validate implementation of NIST SP 800-53 security controls.
  • Support DISA STIG implementation and remediation tracking.
  • Review system configurations, architecture diagrams, and data flows for security compliance.
  • Analyze ACAS, SCAP, or equivalent vulnerability scan results and document corrective actions.
  • Maintain accurate and actionable POA&Ms.
  • Develop and maintain continuous monitoring strategies and documentation.
  • Track cybersecurity posture and risk metrics for reporting to government stakeholders.
  • Support impact analysis for system changes and configuration updates.
  • Ensure alignment with enclave-specific requirements.
  • Provide cybersecurity guidance to system, network, and cloud engineers.
  • Identify security gaps and recommend risk mitigation strategies.
  • Coordinate with enterprise cybersecurity teams for policy alignment and reachback support.
  • Support audit readiness and inspection activities.

Benefits

  • At ISS we pride ourselves on providing an employee-focused and family-first environment.
  • Being a small business, we take the time to get to know our employees and have a vested interest in helping them achieve their career goals.
  • We work to schedule regular social gatherings within the company to foster camaraderie.
  • ISS values their employees by providing a comprehensive benefits package that includes a fully vested 401(k) matching program, coverage of family medical deductibles, spot bonuses, and educational assistance to further your career.