Security Engineer IV; JTMSECEN

Position Title: Security Engineer IV
Labor Category: Senior Information Engineer

The Security Engineer IV supports the Joint Transportation Management System (JTMS) Joint Program Office by providing senior-level security engineering expertise for Risk Management Framework (RMF) authorization, continuous monitoring, and sustainment activities. This role ensures JTMS capabilities operate in compliance with DoD cybersecurity policies within a cloud-based Dev Sec Ops  environment, enabling secure, authorized, and mission-reliable system operations.

Success is demonstrated through timely, accurate RMF artifacts; well-managed eMASS records; and security controls that withstand audits and assessments. The Security Engineer is trusted by government stakeholders to anticipate risks, recommend practical mitigations, and maintain authorization posture while enabling development and operational teams to deliver capabilities without disruption.

At Paragon, security engineering is executed with rigor, accountability, and respect for mission timelines. Engineers operate as integrated members of delivery teams, applying policy-informed judgment, disciplined documentation, and proactive coordination with government and industry partners. The focus is on predictable compliance, continuous improvement, and stewardship of system security throughout the lifecycle.

• Develop, review, and maintain RMF artifacts and system authorization documentation supporting accreditation and sustainment.
• Manage eMASS entries, security control evidence, and Plans of Action and Milestones (POA&Ms).
• Conduct vulnerability assessments, analyze findings, and recommend risk-based mitigations.
• Support integration of security controls and best practices within a Dev Sec Ops  delivery environment.
• Coordinate security activities with Government stakeholders, DISA, and contractor security teams.
• Support audits, security assessments, technical reviews, and authorization decision activities.
• Translate technical security requirements and risks into clear, actionable information for non-technical stakeholders.

• Bachelor's degree or equivalent relevant experience.
• Active SECRET clearance.
• Minimum of seven (7) years of cybersecurity or security engineering experience.
• One or more of the following certifications: CCISO, CISA, CISM, CISSP, CISSP-ISSEP, CySA+, GSLC, or GSNA.
• Demonstrated hands-on experience with RMF and eMASS.
• Experience with STIG implementation, vulnerability scanning, and POA&M management.
• Experience working across technical, functional, financial, and administrative teams.
• Ability to clearly communicate complex security concepts to both technical and non-technical audiences.

• Experience supporting or implementing ERP solutions delivered via a SaaS model in a DoD or Federal environment.
• Knowledge of ERP-driven business process reengineering and configuration-based solution design.
• Experience with system integration, data migration, and master data management in ERP environments.
• Familiarity with RMF, cloud security, and FedRAMP considerations for SaaS solutions.
• Experience supporting Agile or SAFe governance for COTS/SaaS implementations.
• Cloud security experience in environments such as AWS, Azure GCC High, or similar.
• Experience supporting joint or enterprise DoD systems.

• Work is performed in a professional office or government facility environment.
• Participation in classified discussions consistent with SECRET clearance requirements is expected.
• Regular collaboration with geographically distributed government and contractor teams.
• Standard business hours with flexibility as required to support security events or authorization milestones.

Paragon Technology Group delivers trusted, mission-critical outcomes through disciplined execution and professional stewardship. Team members are entrusted with protecting systems that underpin national defense missions and are supported in an environment that values accountability, clarity, and respect for both security and operational imperatives.