Information System Security Engineer (ISSE) – Cyber Ops IV

• Serve as ISSE supporting USAFA systems, providing subject matter expertise in system security engineering, RMF execution, and technical documentation.
• Act as the technical lead for system security architecture and control implementation strategies, advising system owners and engineering teams on secure design in alignment with NIST SP 800-53 Rev. 5 and DoD guidance.
• Capture, refine, and document IT system requirements, ensuring integration of security requirements throughout the system development lifecycle.
• Identify and document mission-critical assets and information that require protection, contributing to risk assessments and architectural recommendations.
• Perform and maintain system-level risk assessments that support authorization decisions and inform residual risk determinations.
• Lead the technical portions of RMF Step 2 (Categorize) and Step 3 (Select), using NIST SP 800-60 and FIPS 199 to guide impact level determination and initial control tailoring.
• Support the development and maintenance of the System Security Plan (SSP), ensuring all technical controls are clearly defined with planned inputs, expected behaviors, and functional outcomes.
• Contribute to the assembly of the full RMF Security Authorization Package, including the SSP, Security Assessment Report (SAR), POA&M, risk statements, and briefing materials for the Authorizing Official (AO).
• Develop and update required RMF and system documentation including:

• Monitoring Strategy Document
• POA&M and SSP updates
• System Security Plan Analysis
• Security Categorization Review
• Security Plan Approval Recommendation Letter
• SAR with vulnerability assessment results
• Issue Resolution and Remediation Status Reports
• Residual Risk Statements for Risk Acceptance Recommendations
• Presentation briefings and meeting support documents
• Collaborate with ISSMs, ISSOs, SCARs, and system owners to gather evidence, produce high-quality deliverables, and ensure traceability of control implementation and assessment results.
• Author, edit, and standardize RMF documentation to ensure clarity, completeness, and consistency across systems, adhering to DoD, AFMAN, and USAFA-specific templates and quality standards.
• Maintain alignment between documentation and actual system behavior, identifying gaps or noncompliance early and supporting remediation planning.
• Provide peer review, formatting, and compliance support across all cybersecurity deliverables, including SOPs, policies, and authorization artifacts.
• Serve as the central resource for maintaining documentation readiness in eMASS, ensuring system artifacts are current, correctly linked, and audit ready.

• This is an onsite position that requires work to be performed onsite in Colorado Springs, CO.
• Indoor office working conditions.

• Must be able to sit or stand for prolonged periods.
• Must be able to perform repetitive keyboard tasks and associated motions for prolonged periods.
• Must be able to carry up to 10 pounds.

• 105,000 -- $120,000 (annual) depending on qualifications

• CERTIFICATION: CISM or CISSO or FITSP-D or GCIA or GCSA or GCLD or GDSA or GICSP or CISSP-ISSAP or CISSP-ISSEP.
• REQUIED EDUCATION: Bachelor of Science degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an Accreditation Board for Engineering and Technology (ABET) accredited or Certified Association Executive (CAE) designated institution.
• EXPERIENCE: At least five years of experience in Information System Security Engineer field required. Additional experience in the United States Air Force (USAF) environment is preferred. Must be familiar with NIST SP 800-37 Rev. 2, SP 800-53 Rev. 5, FIPS 199/200, FedRAMP, AFI 17-101, DoDI 8510.01, and eMASS workflows.
• SECURITY CLEARANCE: Must hold an active Secret security clearance

• Health insurance
• Dental/Vision insurance
• Paid Time Off
• Short- and Long-Term Disability
• Life insurance
• 401k and match

Aleut Federal