What are the responsibilities and job description for the Information System Security Engineer (ISSE) position at JMA Resources, Inc.?
Position Overview
JMA Resources is seeking a highly motivated Information Systems Security Engineer (ISSE) to join our team. In this role, you will assess and validate the implementation of approved security controls and evaluate system weaknesses. You will prepare security assessment reports with findings and results, as well as supporting documentation and remediation efforts. As a trusted partner to both the client and team, the ISSE ensures compliance, strengthens security posture, and supports operational objectives.
Responsibilities
At JMA Resources, we value the many paths' people take to develop their skills and expertise, and we welcome candidates from all backgrounds. Your qualifications may come from a variety of experiences, including formal education, certifications, professional development, mentorship, hands-on work, or a unique combination of these. We encourage you to share the distinctive journey that has prepared you for this role during your interviews.
**Location & Commitments:**
Position: Full Time
Work Arrangement
JMA Resources is seeking a highly motivated Information Systems Security Engineer (ISSE) to join our team. In this role, you will assess and validate the implementation of approved security controls and evaluate system weaknesses. You will prepare security assessment reports with findings and results, as well as supporting documentation and remediation efforts. As a trusted partner to both the client and team, the ISSE ensures compliance, strengthens security posture, and supports operational objectives.
Responsibilities
- Oversee the development and maintenance of a system's cybersecurity solutions.
- Identify Authorizing Official (AO) and Security Control Assessor (SCA) cognizance of the system, as well as any specific authorization requirements such as reciprocity, cross-domain, and applicable overlays to support system categorization
- Identify and tailor the security control baseline with applicable overlays.
- Assist with the development, maintenance, and tracking of the System Security Plan (SP).
- Lead the security control implementation and testing efforts.
- Perform vulnerability-level risk assessment on the Plan of Action and Milestones (POA&M) or Corrective Action Plan (CAP).
- Execute security testing required as part of Assessment & Authorization (A&A) or annual reviews.
- Ensure the mitigation and closure of open vulnerabilities under the system's change control process.
- Plan and perform cybersecurity testing to assess security controls and record security control compliance status during sustainment.
- Oversee cybersecurity testing to assess security controls and record security control compliance status during the continuous monitoring phase of the lifecycle.
- Ensure data entered in the Enterprise Mission Assurance Support Services (eMASS) record and POA&M is consistent with implementation results.
- Utilize the Collaboration Board in the eMASS for all formal coordination during the RMF process; post detailed findings in the Artifacts tab as required.
- Document and provide all requested rework to the Program Security Office (PSO) or Program Management Office (PMO) for review.
- Participate in the system engineering process to ensure the system's security and cybersecurity requirements, design, and testing are addressed throughout the system lifecycle.
- Carry out other related duties as assigned, demonstrating flexibility and adaptability in meeting evolving client and company needs.
- Current or ability to obtain a Department of Defense (DoD) Secret Clearance is required. *Note: To obtain a security clearance, you must be a U.S. citizen and meet the 13 adjudicative guidelines.*
- 3 or more years of experience in information security engineering, system assessment, or related field, including experience in:
- Documenting RMF A&A requirements (U.S. Navy RMF process preferred).
- Performing RMF testing of all CS requirements and analysis needed to complete an RMF package for submittal and approval.
- Conducting vulnerability risk analysis and documenting deficiencies found during RMF testing.
- Using IA tools and scanners to evaluate the security posture of the system/enclave.
- Managing documentation within eMASS.
- Working knowledge of the RMF and A&A processes.
- Strong understanding of federal security standards, including FISMA, FIPS, and NIST Special Publications.
- Proficiency in vulnerability management processes, security control implementation, and audit preparation.
- Strong analytical and problem-solving skills.
- Excellent verbal and written communication skills for preparing documentation and collaborating with cross-functional teams.
- Attention to detail and accuracy.
- Ability to work independently as well as in a collaborative team environment.
- Flexibility to adapt to changing priorities while supporting oth team members and client requirements.
- Must hold one of the following certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Governance, Risk, and Compliance (CGRC)
- GIAC Security Leadership (GSLC)
- CompTIA Advanced Security Practitioner (CASP )
- Certified Chief Information Security Officer (C-CISO)
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field.
- Understanding of the U.S. Navy RMF Process Guide.
At JMA Resources, we value the many paths' people take to develop their skills and expertise, and we welcome candidates from all backgrounds. Your qualifications may come from a variety of experiences, including formal education, certifications, professional development, mentorship, hands-on work, or a unique combination of these. We encourage you to share the distinctive journey that has prepared you for this role during your interviews.
**Location & Commitments:**
Position: Full Time
Work Arrangement
- Hybrid - On-site for a week a minimum, each quarter at our client site in Mechanicsburg, Pennsylvania.