Information Systems Security Engineer (ISSE) SME

Summary:

The Information Systems Security Engineer (ISSE) - SME serves as a technical authority responsible for designing, implementing, and overseeing cybersecurity architecture across complex systems and environments. This role leads RMF engineering efforts, drives risk-based decision-making, and ensures cybersecurity is fully integrated into system engineering processes.

Responsibilities Essential Job Functions:

Lead the development and sustainment of cybersecurity architecture for programs, systems, and enclaves Oversee the design and implementation of comprehensive cybersecurity solutions aligned with mission and compliance requirements Identify AO and SCA cognizance and define complex authorization requirements, including cross-domain solutions, reciprocity, and overlays Direct the selection and tailoring of security control baselines based on system categorization and risk posture Oversee development, maintenance, and governance of System Security Plans (SSPs) Lead security control implementation, validation, and testing across all lifecycle phases Perform and oversee advanced vulnerability and risk assessments for

POA&M/CAP

management Ensure execution of all required cybersecurity testing for A&A, continuous monitoring, and annual reviews Develop, review, and approve Security Assessment Plans (SAPs) and ensure proper execution Direct mitigation strategies and ensure closure of vulnerabilities through formal change control processes Oversee cybersecurity testing activities and ensure accurate documentation of control compliance status Ensure integrity, consistency, and traceability of all data within eMASS, including POA&M and artifact repositories Provide authoritative input to Risk Assessment documentation, including failed control summaries in eMASS Lead development and finalization of Security Assessment Reports (SARs) and Executive Summaries for SCA review Serve as primary authority for RMF coordination using the eMASS Collaboration Board Interface with PSO, PMO, ISSMs, and senior leadership to review findings and drive remediation efforts Integrate cybersecurity requirements into the system engineering lifecycle, ensuring secure design, development, and testing

Qualifications Necessary Skills and Knowledge:

Deep knowledge of NIST 800-53, RMF, DoD cybersecurity policies, and system authorization processes Extensive experience with e

MASS, POA&M

management, and A&A activities Strong background in secure system design and systems engineering integration

Minimum Qualifications:

Minimum of 7 years of related experience Minimum 2 years of experience of the following: Experience in documenting RMF Assessment and Authorization requirements Experience in RMF testing of all CS requirements and analysis required to complete an RMF package document for submittal and approval Experience performing vulnerability risk analysis on the deficiencies found during RMF testing Must be able to supply total number of RMF authorizations performed Experience with IA tools and scanners used to evaluate the security posture of the system/enclave Experience with DoD-specific, DoN-specific, and NAVSUP-specific RMF services (including RMF package services) and using and complying with the Navy RMF Process Guide version 4.1 (or 4.0 or the latest version) and the

NAVSUP FAO RMF

Business Rules version 1.0 (or latest version) Experience with concurrently supporting over 10 RMF packages Must have a

Tier III Level Clearance Preferred Qualifications:

Bachelor's degree in Cybersecurity, Information Technology, Engineering, or related field Pay and Benefits At Goldbelt, we value and reward our team's dedication and hard work. We provide a competitive base salary commensurate with your qualifications and experience. As an employee, you'll enjoy a comprehensive benefits package, including medical, dental, and vision insurance, a 401(k) plan with company matching, tax-deferred savings options, supplementary benefits, paid time off, and professional development opportunities.