Information Systems Security Engineer SME

ECS is seeking an experienced Information Systems Security Engineer SME – Cloud to support a mission-critical federal cybersecurity programs. The selected candidate will serve as a senior cybersecurity engineering expert supporting Security Assessment and Authorization, Risk Management Framework execution, cloud security, technical control implementation, assessment readiness, continuous monitoring, vulnerability remediation, audit support, and risk-informed authorization activities. This role is ideal for a senior cybersecurity professional who can operate at both the strategic and technical levels and who is passionate in leading security engineering efforts, mentoring cybersecurity personnel, advising stakeholders, improving authorization quality, and translating complex technical risks into clear, actionable recommendations.

Please Note: This position is contingent upon contract award.

Key responsibilities include:

• Lead and support full lifecycle RMF and Security Assessment and Authorization activities for federal information systems.
• Provide senior technical guidance to system owners, ISSOs, ISSMs, engineering teams, program leadership, and authorization stakeholders.
• Advise on system categorization, security control selection and tailoring, control implementation, assessment readiness, risk analysis, and authorization package quality.
• Review and strengthen RMF documentation, including System Security Plans, control implementation descriptions, risk assessments, security test plans, assessment results, POA&Ms, inventories, network diagrams, data flow diagrams, and continuous monitoring artifacts.
• Evaluate technical, operational, and management controls to determine whether safeguards are implemented correctly, operating as intended, and supported by complete evidence.
• Identify technical control gaps and develop remediation recommendations that are practical, risk-informed, and aligned to federal cybersecurity standards.
• Support cloud security engineering activities for systems using AWS, Azure, Google Cloud, or hybrid environments.
• Provide technical input for vulnerability remediation, patch compliance, POA&M tracking, emergency directive response, audit readiness, and corrective action planning.
• Support security impact analysis for proposed technical changes, including architecture updates, system integrations, cloud services, network changes, and control modifications.
• Develop or improve templates, checklists, SOPs, evidence standards, dashboards, and repeatable processes that improve quality, consistency, and efficiency.
• Track and communicate risks, findings, action items, assessment status, remediation progress, and improvement opportunities to stakeholders and leadership.
• Maintain current knowledge of RMF, NIST, CNSS, FISMA, cloud security, and federal cybersecurity best practices.

• Active Top Secret clearance with SCI eligibility.
• U.S. citizenship.
• 10 years of experience in secure design, analysis, and testing of information security systems and products.
• 10 years of experience applying cybersecurity methods, standards, and approaches to ensure baseline security safeguards are properly implemented and documented.
• 10 years of experience creating or updating security test plans to detect, assess, and mitigate risk to information systems.
• CISSP or CEH required.
• Experience supporting RMF, ATO, SAA, continuous monitoring, POA&M management, vulnerability remediation, security assessment, and audit readiness activities.
• Experience developing, reviewing, or improving federal cybersecurity documentation and authorization artifacts.
• Knowledge of NIST SP 800-53, NIST SP 800-53A, FIPS 199, FIPS 200, CNSS guidance, FISMA, and federal information security requirements.
• Ability to assess technical security evidence and provide risk-based recommendations to technical and non-technical stakeholders.
• Strong written and verbal communication skills.
• Ability to lead teams, mentor personnel, coordinate across multiple stakeholders, and manage complex cybersecurity tasks in a high-accountability environment.