Information System Security Engineer III with Security Clearance

Employer: Strategic Resilience Group | Location: Virginia Beach | Salary: Competitive | Closing date: 1 May 2025

Sector: IT | Job Role: Security Engineer | Job Type: Permanent

This position is contingent upon funding, with an expected start date of December 2025. A SECRET clearance is required.

SRG is seeking an experienced Information System Security Engineer (ISSE) to perform STIG assessments using SCAP benchmarks, conduct vulnerability assessments with ACAS, manage compliance tracking in eMASS, develop POA&Ms, and complete RMF Step 5 authorizations. This role is onsite only; no telework is available.

1. Conduct Security Technical Implementation Guide (STIG) assessments using SCAP benchmarks and evaluate STIG to ensure compliance with security standards.
2. Perform vulnerability assessments using the Assured Compliance Assessment Solution (ACAS) tool.
3. Execute processes within Enterprise Mission Assurance Support Service (eMASS) for security authorization and compliance tracking.
4. Develop and maintain Plans of Action and Milestones (POA&M) to address security vulnerabilities and ensure risk mitigation.
5. Complete Risk Management Framework (RMF) Step 5 authorizations in an ISSE capacity.
6. Provide recommendations to stakeholders on risk reduction strategies and security enhancements.
7. Ensure compliance with DoD 8570.01–M and DFARS security baseline requirements.

• Bachelor's degree in Cybersecurity, Cyber Operations, Cyber Engineering, Information System, Information Technology, Computer, Electrical, or Electronics Engineering, Software Engineering, Computer Science, Mathematics (with a concentration in Computer Science), or an equivalent discipline.
• DoD 8570.01–M certification in accordance with DFARS Baseline Certification, minimum IAM Level II.
• Ten (10) years of full-time professional experience performing Risk Management Framework activities.
• Demonstrated experience in:
• Performing STIG assessments with SCAP benchmarks and evaluation.
• Conducting vulnerability assessments with ACAS.
• Utilizing and executing processes within eMASS.
• Developing POA&M entries.
• Completing RMF Step 5 authorizations as an ISSE.
• Communicating risk reduction strategies to stakeholders.