Senior Information Systems Security Engineer
ECS Tech Inc
Huntsville · Alabama · United States
Full-time
10+
Job description
Everforth ECS Federal is seeking a Senior Information Systems Security Engineer
to work in our Huntsville, AL office. Please Note: This position is contingent
upon contract award.
The Senior ISSE SME will support cybersecurity, risk management, and security
authorization activities for law enforcement and national security
organizations. This role will provide technical security engineering, Risk
Management Framework lifecycle support, and secure architecture expertise for
complex federal information systems operating in sensitive and mission-critical
environments.
The Senior Information Systems Security Engineer will work closely with system
owners, security officers, security managers, technical teams, and cybersecurity
stakeholders to strengthen system security posture, improve the quality of
authorization artifacts, and support timely, defensible risk-based authorization
decisions.
RESPONSIBILITIES
* Serve as a senior security engineering advisor for assigned federal
information systems throughout the Security Assessment and Authorization
lifecycle.
* Provide technical security engineering support for Risk Management Framework
activities, including Prepare, Categorize, Select, Implement, Assess,
Authorize, and Monitor.
* Advise system owners, security officers, security managers, and technical
teams on secure architecture, control implementation, vulnerability
remediation, least privilege, least functionality, system boundaries, data
flows, and interconnections.
* Support development, review, and maintenance of security authorization
artifacts, including System Security Plans, control implementation
descriptions, Plans of Action and Milestones, risk assessments, network
diagrams, data flow diagrams, hardware/software inventories, and assessment
evidence.
* Help ensure assigned systems maintain compliant authorizations by proactively
tracking authorization schedules, documentation status, control gaps, and
remediation activities.
* Develop and update security test plans and assessment approaches to detect,
document, and mitigate risk to information systems.
* Support vulnerability and patch management activities by tracking technical
findings, coordinating remediation approaches, and helping ensure remediation
actions are managed to closure.
* Provide technical input for federal cybersecurity compliance, emergency
directive, vulnerability reporting, audit readiness, and continuous
monitoring activities.
* Coordinate with cybersecurity, engineering, infrastructure, and mission
stakeholders to resolve technical security issues and improve security
authorization execution quality.
* Mentor junior and mid-level cybersecurity personnel by providing technical
guidance, reviewing work products, sharing RMF and security engineering best
practices, and helping build team capability across assigned systems and
portfolios.
* Contribute to portfolio and program improvements by identifying recurring
risks, documentation gaps, process inefficiencies, automation opportunities,
and lessons learned, then recommending practical improvements to strengthen
security authorization quality, timeliness, and consistency.
* Track, report, and communicate security risks, remediation status,
documentation quality issues, and improvement opportunities to program
leadership and government stakeholders.
* Maintain current knowledge of NIST RMF, NIST SP 800-53 Rev. 5, NIST SP
800-53A, FISMA, CNSS, DOJ, IC, and other applicable federal cybersecurity
guidance.
Qualifications
* Active Top Secret clearance with SCI eligibility.
* Ability to meet federal law enforcement and national security suitability,
access, and polygraph requirements.
* U.S. citizenship required; no dual citizenship.
* Eight or more years of experience in secure design, analysis, and testing of
information security systems and products.
* Eight or more years of experience applying security methods, standards, and
approaches to ensure baseline security safeguards are implemented and
documented.
* Eight or more years of experience creating or updating security test plans to
detect and mitigate risk to information systems.
* Experience supporting RMF, Security Assessment and Authorization, ATO, POA&M,
vulnerability management, audit readiness, and security control
implementation activities.
* Experience working with technical teams to translate security requirements
into practical system, network, cloud, or infrastructure configurations.
* Strong written and verbal communication skills, including the ability to
brief risks, findings, recommendations, and remediation plans to technical
and non-technical stakeholders.
* CISSP or CEH certification required.