Information System Security Engineer (ISSE)

Role Overview:

JMA Resources is seeking a highly motivated and self-directed Information Systems Security Engineer (ISSE) to join our team. This person provides assessments of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation. They will be responsible for recommending corrective actions to address identified vulnerabilities and preparing security assessment reports containing the results and findings from system security assessments. The ISSE will serve as a trusted agent who assesses and validates that the system has implemented the approved security control-based line as part of our Risk NAVY Management Framework (RMF) team.

Supervisory Responsibilities:

• None

Responsibilities:

• Review, analyze, and evaluate business systems and user needs, specifically about Authorization and Accreditation (A&A) (security requirements and documentation support) for the Navy, Plans of Action, and Milestones (POA&Ms), and documentation support.
• Interact daily with the PMO, Operations, and IT Security teams to address the needs of A&A and POA&M remediation. 
• Write, edit, and/or manage a wide range of IT Security documentation and be familiar with federal IT standards such as the Federal Information Security Management Act (FISMA), Federal Information Processing Standards (FIPS), NIST Special Publications (SPs), and NIST SP 800-37 Rev 1 (Guide for Applying the Risk Management Framework to Federal Information Systems: Security Life Cycle Approach). 
• Perform internal audits of the systems before third-party audits. 
• Participate in security control implementation, testing efforts, and vulnerability-level risk assessments.
• Assist in mitigating and closing open vulnerabilities under the system’s change control process.
• Play a role in reviewing and updating RMF Cyber Security documentation.
• Perform other related duties as assigned. 
• Ensure plans and channels are in place for incident response, business continuity, disaster recovery, and vulnerability and threat reporting.
• Perform other related duties as assigned. 

Clearance Level:

• Current or ability to obtain a DOD Secret Clearance is required.
  • Note: To obtain a security clearance, you must be a US citizen and meet the 13 adjudicative guidelines.

Required Skills/Abilities:

• Must demonstrate:
  • Excellent verbal and written communication skills.
  • Strong technical writing skills.
  • Excellent problem-solving skills.
  • Attention to detail and accuracy.
  • Ability to work independently and in a team environment.
  • A thorough understanding and knowledge of the RMF process IAW the Navy RMF Process Guide.
• Must have experience working with the following:
  • Enterprise Mission Assurance Support Service (eMASS)
• Security technologies such as firewalls, intrusion detection, prevention systems, and vulnerability assessment tools.
• IA tools and scanners used to evaluate the security posture of the system/enclave.

Required Experience:

• Must have at least 3 years of experience following the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) and/or RMF (RMF is preferred) experience:
  • Experience in RMF testing of all CS requirements and analysis required to complete an RMF package document for submittal and approval.
  • Experience performing vulnerability risk analysis on the deficiencies found during RMF testing.
• Experience with IA tools and scanners used to evaluate the security posture of the system/enclave.

Education Level:

• A degree in Computer Science is preferred but not required.

Required Certifications:

• Must have one of the following:
  • Current Certified in Governance, Risk, and Compliance (CGRC)
  • Current CompTIA Advanced Security Practitioner (CASP+)
  • Current Certified Information Security Manager (CISM)
  • Current Certified Information Systems Security Professional (CISSP)
  • Current GIAC Security Leadership (GSLC)
  • Current Certified Chief Information Security Officer (CCISO)

Location & Commitments:

• This is a full-time remote position.
• Travel to the client site in Mechanicsburg, Pennsylvania, for approximately 2-5 days every 2-3 months is required.
• Hours are based on the client – eight-hour days flexing between 6 a.m. to 5 p.m. EST.

JMA Resources is an equal opportunity employer committed to achieving a diverse workforce with an environment free of discrimination and harassment. All aspects of employment, including recruitment, hiring, promotions, transfers, discipline, terminations, wage and salary administration, benefits, and training, are based on business needs, job requirements, and individual qualifications, without regard to race, age, color, physical or mental disability, religion, gender, sexual orientation, gender identity/expression, marital status, national origin, political affiliation or protected veteran status.

JMA is also committed to the full inclusion of all qualified individuals. As part of this commitment, JMA will ensure that all persons with disabilities are provided reasonable accommodations. If you require a reasonable accommodation in completing this application, interviewing, completing any pre-employment tests, or otherwise participating in the employee selection process, please contact Amy Foy, Director of Human Resources, at afoy@jmares.com.