Information Systems Security Engineer SME

ECS is seeking an experienced Information Systems Security Engineer SME to support a mission-critical federal cybersecurity programs. The selected candidate will serve as a senior cybersecurity engineering expert supporting Security Assessment and Authorization, Risk Management Framework execution, cloud security, technical control implementation, assessment readiness, continuous monitoring, vulnerability remediation, audit support, and risk-informed authorization activities. This role is ideal for a senior cybersecurity professional who can operate at both the strategic and technical levels and who is passionate in leading security engineering efforts, mentoring cybersecurity personnel, advising stakeholders, improving authorization quality, and translating complex technical risks into clear, actionable recommendations. 

Please Note: This position is contingent upon contract award.

Key responsibilities include:

• Lead and support full lifecycle RMF and Security Assessment and Authorization activities for federal information systems.
• Provide senior technical guidance to system owners, ISSOs, ISSMs, engineering teams, program leadership, and authorization stakeholders.
• Advise on system categorization, security control selection and tailoring, control implementation, assessment readiness, risk analysis, and authorization package quality.
• Review and strengthen RMF documentation, including System Security Plans, control implementation descriptions, risk assessments, security test plans, assessment results, POA&Ms, inventories, network diagrams, data flow diagrams, and continuous monitoring artifacts.
• Evaluate technical, operational, and management controls to determine whether safeguards are implemented correctly, operating as intended, and supported by complete evidence.
• Identify technical control gaps and develop remediation recommendations that are practical, risk-informed, and aligned to federal cybersecurity standards.
• Support cloud security engineering activities for systems using AWS, Azure, Google Cloud, or hybrid environments.
• Provide technical input for vulnerability remediation, patch compliance, POA&M tracking, emergency directive response, audit readiness, and corrective action planning.
• Support security impact analysis for proposed technical changes, including architecture updates, system integrations, cloud services, network changes, and control modifications.
• Develop or improve templates, checklists, SOPs, evidence standards, dashboards, and repeatable processes that improve quality, consistency, and efficiency.
• Track and communicate risks, findings, action items, assessment status, remediation progress, and improvement opportunities to stakeholders and leadership.
• Maintain current knowledge of RMF, NIST, CNSS, FISMA, cloud security, and federal cybersecurity best practices.