Information Systems Security Engineer SME

Job Description

ECS is seeking an experienced Information Systems Security Engineer SME - Cloud to support a mission-critical federal cybersecurity programs. The selected candidate will serve as a senior cybersecurity engineering expert supporting Security Assessment and Authorization, Risk Management Framework execution, cloud security, technical control implementation, assessment readiness, continuous monitoring, vulnerability remediation, audit support, and risk-informed authorization activities. This role is ideal for a senior cybersecurity professional who can operate at both the strategic and technical levels and who is passionate in leading security engineering efforts, mentoring cybersecurity personnel, advising stakeholders, improving authorization quality, and translating complex technical risks into clear, actionable recommendations.

Please Note: This position is contingent upon contract award.

Key responsibilities include:

• Lead and support full lifecycle RMF and Security Assessment and Authorization activities for federal information systems.
• Provide senior technical guidance to system owners, ISSOs, ISSMs, engineering teams, program leadership, and authorization stakeholders.
• Advise on system categorization, security control selection and tailoring, control implementation, assessment readiness, risk analysis, and authorization package quality.
• Review and strengthen RMF documentation, including System Security Plans, control implementation descriptions, risk assessments, security test plans, assessment results, POA&Ms, inventories, network diagrams, data flow diagrams, and continuous monitoring artifacts.
• Evaluate technical, operational, and management controls to determine whether safeguards are implemented correctly, operating as intended, and supported by complete evidence.
• Identify technical control gaps and develop remediation recommendations that are practical, risk-informed, and aligned to federal cybersecurity standards.
• Support cloud security engineering activities for systems using AWS, Azure, Google Cloud, or hybrid environments.
• Provide technical input for vulnerability remediation, patch compliance, POA&M tracking, emergency directive response, audit readiness, and corrective action planning.
• Support security impact analysis for proposed technical changes, including architecture updates, system integrations, cloud services, network changes, and control modifications.
• Develop or improve templates, checklists, SOPs, evidence standards, dashboards, and repeatable processes that improve quality, consistency, and efficiency.
• Track and communicate risks, findings, action items, assessment status, remediation progress, and improvement opportunities to stakeholders and leadership.
• Maintain current knowledge of RMF, NIST, CNSS, FISMA, cloud security, and federal cybersecurity best practices.
  
  

Required Skills

• Active Top Secret clearance with SCI eligibility.
• U.S. citizenship.
• 10 years of experience in secure design, analysis, and testing of information security systems and products.
• 10 years of experience applying cybersecurity methods, standards, and approaches to ensure baseline security safeguards are properly implemented and documented.
• 10 years of experience creating or updating security test plans to detect, assess, and mitigate risk to information systems.
• CISSP or CEH required.
• Experience supporting RMF, ATO, SAA, continuous monitoring, POA&M management, vulnerability remediation, security assessment, and audit readiness activities.
• Experience developing, reviewing, or improving federal cybersecurity documentation and authorization artifacts.
• Knowledge of NIST SP 800-53, NIST SP 800-53A, FIPS 199, FIPS 200, CNSS guidance, FISMA, and federal information security requirements.
• Ability to assess technical security evidence and provide risk-based recommendations to technical and non-technical stakeholders.
• Strong written and verbal communication skills.
• Ability to lead teams, mentor personnel, coordinate across multiple stakeholders, and manage complex cybersecurity tasks in a high-accountability environment.
  
  

Desired Skills

• Cloud security certification preferred, such as CCSP, AWS Certified Security - Specialty, AWS Certified Solutions Architect, Microsoft Azure Security Engineer Associate, or Google Professional Cloud Security Engineer.
• Experience securing AWS, Azure, Google Cloud, or hybrid cloud environments.
• Experience with GRC tools, control inheritance, evidence reuse, dashboard reporting, and workflow automation.
• Experience with tools such as Tenable Nessus, Security Center, Splunk, IBM Guardium, WebInspect, Nmap, or similar security platforms.
• Experience supporting classified federal environments, national security systems, law enforcement systems, intelligence systems, or high-impact mission systems.
  
  

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

• Attracting and developing top talent and high-performing teams
• Fostering a culture that is engaging, accountable, and mission-driven