Senior Information Systems Security Engineer

ECS is seeking an experienced Senior Information Systems Security Engineer to support a mission-critical federal cybersecurity program in the National Capital Region or Huntsville, Alabama. This role provides senior-level cybersecurity engineering support for Security Assessment and Authorization, Risk Management Framework execution, technical control implementation, security assessment, continuous monitoring, vulnerability remediation, audit readiness, and risk management for federal information systems.

 

Please Note: This position is contingent upon contract award.

 

The selected candidate will coordinate with system owners, ISSOs, ISSMs, engineering teams, program leadership, and authorization stakeholders to strengthen authorization package quality, reduce technical control gaps, improve evidence completeness, and support timely, defensible risk-based decisions. Depending on assignment, the ISSE3 may support division-level security engineering, resource and project coordination, or new cloud technology security activities.

 

Key Responsibilities include:

• Lead and support implementation of the Security Assessment and Authorization program for assigned federal information systems.
• Support RMF activities across the Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor phases.
• Guide system categorization based on mission impact, classification, FIPS 199 categorization, hosting environment, technical complexity, data sensitivity, and applicable federal cybersecurity requirements.
• Advise on the selection, tailoring, implementation, testing, and documentation of security controls aligned to system risk posture and authorization needs.
• Develop, review, and improve RMF and SAA artifacts, including System Security Plans, control implementation descriptions, security assessment plans, security test plans, risk assessments, POA&Ms, continuous monitoring artifacts, inventories, network diagrams, data flow diagrams, and authorization packages.
• Support security control assessments by reviewing technical and procedural controls, validating evidence, identifying gaps, documenting findings, and supporting risk-based recommendations.
• Identify technical control gaps, assess risk, recommend remediation strategies, and coordinate corrective actions with system owners, engineers, ISSOs, and ISSMs.
• Support vulnerability remediation activities, including scan result analysis, POA&M development, remediation tracking, control impact analysis, and response to vulnerability reporting requirements.
• Support FISMA audit preparation, documentation quality reviews, evidence validation, audit response packages, and corrective action planning.
• Review proposed technical changes for security impact, compliance implications, architecture alignment, vulnerability exposure, and required mitigation.
• Support cloud-hosted, hybrid, or newly introduced technologies, including review of cloud control implementation, architecture, inherited controls, and authorization evidence, as assigned.
• Develop or improve templates, checklists, SOPs, evidence standards, control implementation guidance, dashboards, and repeatable processes to improve quality, consistency, and efficiency.
• Track and communicate risks, findings, remediation status, assessment progress, documentation quality, schedule concerns, and improvement opportunities to program leadership and stakeholders.
• Mentor cybersecurity personnel and help drive complex security engineering activities to closure.