Information Systems Support Engineer Support

Ryan Consulting Group is seeking an Information Systems Support Engineer Support to provide high-level ISSE support to integrate cybersecurity requirements and implement security controls throughout the RMF lifecycle ensuring agency systems achieve and sustain their ATO. This role will coordinate with system owners and security personnel to prepare systems for authorization categorize information and impact levels select and tailor security controls and document their implementation. This support extends to assessing security controls contributing to authorization packages and continuously monitoring the security posture of systems to ensure ongoing compliance and risk management.

Responsibilities:

• Coordinate with the Information System Owner (ISO) to define the authorization boundary and develop boundary diagram artifacts.
• Analyze and document mission/business processes supported by the system to define comprehensive system security needs directly linking security to operational objectives.
• Develop and document robust System Security Plans (SSPs) and detailed Security Design Documents providing a foundational understanding of the systems security posture.
• Document information types and impact levels (confidentiality integrity availability) providing a granular understanding of data sensitivity.
• Ensure the system categorization aligns with DoD mission assurance priorities supporting critical defense functions.
• Maintain working knowledge of EDR technologies and their role in providing advanced endpoint protection threat detection and response in order to advise on appropriate security requirements.
• Maintain working knowledge of ACAS (Tenable Security Center and Nessus) interpreting scan results and understanding how vulnerabilities misconfigurations and weaknesses are identified and prioritized.
• Apply STIGs (Security Technical Implementation Guides) and hardening procedures to all IT assets as applicable reducing the attack surface and mitigating known vulnerabilities.
• Understand and communicate vulnerability management principles including lifecycle management risk ranking remediation prioritization and POA&M tracking ensuring they are properly addressed within the RMF process.
• Incorporate zero trust principles network segmentation and endpoint protection strategies into system designs to enforce least-privilege access and mitigate lateral movement.
• Document control implementation in the SSP maintaining accurate and up-to-date security documentation.
• Conduct self-assessments and validate control effectiveness documenting findings in Security Assessment Reports (SARs) providing an internal evaluation of security controls.
• Ensure alignment with DoD Cybersecurity Strategy and acquisition lifecycle integrating security considerations throughout the systems lifespan.
• Provide evidence and artifacts in support of security control validation efforts demonstrating the effectiveness of implemented controls.
• Coordinate and schedule all assessment activities with the SCA and testing teams facilitating thorough and efficient security evaluations.
• Conduct Security Control Assessments for all RMF Assess Only cybersecurity assessments providing dedicated evaluation for specific security concerns.
• Coordinate with the SCA on development of the Security Assessment Plan (SAP) and Security Assessment Report (SAR) contributing to formal assessment documentation.
• Remediate findings and update the POA&M (Plan of Action and Milestones) tracking the progress of vulnerability mitigation.
• Develop risk mitigation strategies for vulnerabilities that are unable to be fully remediated.
• Track and report on security control effectiveness and system changes maintaining visibility into security performance.
• Update SSP POA&M and SAR as system changes occur or as needed but no less than annually reflecting the current state of system security.
• Participate in Annual Security Assessment Review (ASR) and Incident Response exercises demonstrating preparedness and responsiveness to security events.
• Support incident response coordination by understanding how EDR data network forensics and vulnerability scan outputs contribute to containment and recovery strategies.
• Respond to cybersecurity incidents and environmental changes ensuring rapid and effective incident handling.

• Active Secret security clearance
• Minimum of 5 years of related experience

DoD IAT II required certification/s (one of the following):

• CCNA-Security
• CySA (CSA)
• GICSP
• GSEC
• Security CE
• CND
• SSCP

PLUS CSSP-IS required certification/s (one of the following):

• Security CE
• CySA
• GCIA
• GICSP
• GSEC
• CEH

Statements

Equal Employment Opportunity (EEO) Statement

Ryan Consulting Group Inc. is an equal opportunity employer. We are dedicated to ensuring equal employment opportunities in all aspects of employment including recruitment hiring promotion training compensation benefits and termination. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin disability veteran status or any other characteristic protected by applicable law.

Ryan Consulting Group Inc. is also committed to complying with the Americans with Disabilities Act (ADA) and providing reasonable accommodations for qualified individuals with disabilities. If you need assistance or accommodation due to a disability in the application process please contact

Drug-Free Workplace Statement

Ryan Consulting Group Inc. is committed to maintaining a drug-free workplace in compliance with the Drug-Free Workplace Act of 1988 which is a requirement for all federal contractors. We recognize the impact that drug and alcohol abuse can have on the safety health and productivity of our workforce and we are dedicated to providing a work environment that is free from illegal drugs and alcohol. All employment offers are conditional upon successfully passing a drug screening.

Pay Transparency Statement

Ryan Consulting Group Inc. complies with all relevant pay transparency laws in each state and jurisdiction where we operate. This includes providing salary ranges and pay data in compliance with state or local regulations where applicable.

We also ensure that applicants and employees in relevant states are informed of their right to inquire about pay information as required by state or local laws. Employees and applicants in states where pay transparency laws are in effect can expect to be provided with salary information upon request during the hiring process.