Information Systems Security Engineer (MD) (MidSr-TSSCI FSP-Onsite)

Industry: Information Technology - Other

Job Category: Information Technology - Other IT

Information System Security Engineer (ISSE)

Locations: Maryland

Clearance Required: Active TS/SCI with Full Scope Polygraph

Must have Full Scope Poly from NSA

Citizenship: U.S. Citizenship Required

Certification Requirement: DoD 8570/8140 IASAE Level II Compliant Certification Required

Job Description

Open Systems Technologies Corporation (OST) is seeking Information System Security Engineers (ISSEs) to support mission-critical Government programs. This role focuses on integrating cybersecurity engineering principles across system design implementation accreditation and sustainment activities within complex classified environments.

The ISSE will support full Risk Management Framework (RMF) execution Assessment & Authorization (A&A) activities and continuous cybersecurity compliance efforts while working closely with system administrators ISSOs ISSMs and system owners.

Required Qualifications

Active TS/SCI with Full Scope Polygraph security clearance

U.S. Citizenship

DoD 8570/8140 IASAE Level II compliant certification required

Strong understanding of the Risk Management Framework (RMF)

Experience supporting Assessment & Authorization (A&A) and Authority to Operate (ATO) processes

Experience with security control implementation validation and continuous monitoring

Familiarity with NIST SP 800-37 and NIST SP 800-53 (Rev. 3 and/or Rev. 5)

Experience with RMF and cybersecurity tools such as:

LATTEART

XACTA

BISCOTTI

WATCHCAT

STE

Experience with compliance and configuration scanning tools

Strong analytical troubleshooting and documentation skills.

Technical Responsibilities

Support the full RMF lifecycle for classified systems

Assist with A&A package development and Authority to Operate (ATO) maintenance

Implement assess and validate security controls

Perform Security Control Traceability and technical validation

Support system boundary definition and security architecture documentation

Develop and maintain RMF artifacts and body of evidence packages

Conduct compliance and vulnerability scanning analysis

Validate findings including false positive identification and remediation verification

Support STIG implementation and configuration hardening

Manage patch validation and security compliance efforts

Participate in Continuous Monitoring (ConMon) activities

Core ISSE Skill Areas

Assessment & Authorization (A&A) execution and support

Security Control implementation and validation

RMF documentation and artifact development

System boundary definition and architecture support

Vulnerability management and remediation tracking

STIG implementation and compliance validation

Technical security assessment and risk analysis

Continuous Monitoring (ConMon) support

Preferred Qualifications

Experience in classified Government cybersecurity environments

Familiarity with enterprise Linux network or cloud systems

Experience working with ISSOs ISSMs SCAs and System Owners

Understanding of vulnerability management and cybersecurity automation tools

Experience supporting large-scale enterprise or mission systems

IASAE Level II Certification Examples

Acceptable certifications include

CISSP

CASP

CCSP

CSSLP