Information System Security Engineer SME
ECS.com
175k - 190k USD/year
Office
WASHINGTON, DC, United States
Full Time
ECS is seeking an Information System Security Engineer SME to work in our Washington, DC office. Please Note: This position is contingent upon contract award.
ECS is seeking an experienced Information System Security Engineer (ISSE) – SME to join our team as an expert in designing, implementing, and maintaining secure information systems. The successful candidate will have a strong background in security engineering, architecture, and risk management, with a focus on protecting sensitive information and systems.
Responsibilities
Responsible for leading the implementation of the Security Assessment and Authorization (SAA) Program:
- Lead, mentor, and supervise a team of security professionals responsible for the end-to-end implementation of the RMF lifecycle for Enterprise IT systems.
- Oversee and coordinate activities within the Prepare step, ensuring roles, responsibilities, and risk management strategies are clearly defined and maintained.
- Guide system categorization efforts to ensure all information systems are appropriately classified based on mission/business impact and regulatory requirements.
- Direct the selection, tailoring, and documentation of security controls aligned with system categorizations, Enterprise risk appetite, and compliance requirements.
- Oversee the implementation of technical, operational, and management controls throughout system and application lifecycles, with a particular focus on quality and completeness of all deliverables.
- Ensure comprehensive security control assessments are planned, executed, and documented to validate the effectiveness of implemented safeguards.
- Prepare risk management documentation for system authorization and executive decision making.
- Direct ongoing monitoring and continuous assessment activities, collecting metrics to adjust security strategies and ensure sustained compliance.
- Serve as a principal technical advisor on cybersecurity, bringing subject-matter expertise to risk analysis, incident response, system remediation, and audit support efforts.
- Foster a culture of security awareness, providing technical guidance and training to both team members and stakeholders.
- Track, report, and communicate status, risks, and improvement opportunities related to security engineering activities to leadership and stakeholders.
- Maintain up-to-date knowledge of RMF, NIST guidance, and industry best practices in support of continuous process improvement.
Salary Range: $175,000 - $190,000
Qualifications
- Security Clearance: Top Secret (TS) with SCI eligibility
- 10+ years of progressive technical security engineering experience to include use of GRC and RMF tools
- Hold at least one of the following certifications:
  - Certified Information Systems Security Professional (CISSP) (or Associate);
  - CompTIA Advanced Security Practitioner (CASP) CASP CE;
  - Certified Secure Software Lifecycle Professional (CSSLP);
  - CISSP - Information System Security Engineering Professional (ISSEP); or
  - CISSP - Information System Security Architecture Professional (ISSAP).
- Minimum 10 years’ experience, or equivalent education/experience; Doctorate plus 6 years; Master’s plus 6 years; Associates plus 10 years; or H.S./GED plus 14 years.
