Information Systems Security Engineer

Information Systems Security Engineer

The Information Systems Security Engineer (ISSE) serves as the primary technical authority for the security and resilience of our mission‑critical systems. This role is responsible for integrating security engineering principles into every phase of the Software Development Life Cycle to design and maintain secure architectures. You will collaborate with software developers, systems engineers, and government stakeholders to navigate the Risk Management Framework (RMF) lifecycle and maintain the Authority to Operate (ATO) for complex cloud and on‑premise environments.

• Lead the end‑to‑end RMF process, managing NIST 800‑53/171 control sets and coordinating with cybersecurity entities (SCA/DAO) to secure and maintain Authority to Operate (ATO).
• Drive security by design by reviewing technical change requests, evaluating new technologies, and providing security oversight for cloud‑based platforms (AWS/Azure).
• Conduct system inspections and vulnerability assessments to manage POA&Ms, prioritize system patching, and ensure robust disaster recovery and contingency planning.
• Establish continuous monitoring protocols to track security posture, enforce cybersecurity policies, and brief complex technical risks to senior stakeholders.

Education and Experience

• Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, Engineering, or related degree
• Minimum of 5 years of progressive experience in Cybersecurity, Information Assurance, or related background.

Clearance & Certifications

• Active TS/SCI with Polygraph
• DoD 8570 IAT Level II Compliance (e.g., Security+, CCNA Security, or CySA+).

Risk Management & Compliance

• Full RMF Lifecycle Mastery:
  Deep experience navigating the Risk Management Framework (NIST 800‑37) to secure and maintain Authority to Operate (ATO).
• Control Implementation:
  Expert knowledge of NIST 800‑53 and 800‑171 control sets, including managing control inheritance and applying overlays.
• Governance & Documentation:
  Ability to author cybersecurity policies, manage POA&Ms, and develop Contingency/Disaster Recovery plans.

Engineering & Operations

• Technical Oversight:
  Experience reviewing system changes for security impact and collaborating with dev teams to integrate new technologies securely.
• Continuous Monitoring:
  Proficiency in conducting security inspections, audits, and vulnerability analysis to track patch effectiveness and system health.
• Cloud Security:
  Functional understanding of security operations within AWS or Azure environments.

Communication & Professionalism

• Stakeholder Engagement:
  Proven ability to brief complex technical risks to large groups and coordinate directly with SCAs and DAOs.
• Resilience:
  Ability to manage high‑pressure tasks and mission‑critical deadlines both independently and in team settings.

Desired

• Basic understanding of the software development lifecycle
• Experience working with governance risk and compliance tools (i.e., Xacta, SNOW, etc.)
• Experience utilizing common industry tools (i.e., Nessus, Splunk, Anchore, etc.)
• Active TS/SCI with Polygraph.

The proposed salary range for this position is: $75,200 - $158,100.

CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.