Information System Security Engineer (isse) II

ROTHR Information System Security Engineer (ISSE)

This job opportunity is for the ROTHR Information System Security Engineer (ISSE) position at ROTHR Chesapeake, VA facility. The ISSE is responsible for the local DoD Mission network servers and workstations in accordance with the authoritative USG requirements documents including (but not limited to): DISA STIGS, DD254, SCGs, CND Directives, OPORDS, etc. The Information System Security Engineer (ISSE) holds a vital role throughout the Risk Management Framework (RMF) process, with key responsibilities particularly evident in the implementation, assessment, and continuous monitoring phases

What You Will Do

System Design and Architecture

• Oversee the development and maintenance of a system's cybersecurity solutions.
• Participate in the system engineering process to ensure that cybersecurity requirements, design, and testing are properly addressed throughout the system lifecycle.
• Engage with the Network Engineer, Systems Engineer, and Integrated Product Team (IPT) lead to confirm the compatibility of cybersecurity architecture and design with the overall system design and integration.
• Identify where their system resides within the overall Navy security architecture (e.g., network, ship, site).
• Coordinate with all primary connecting systems to determine what protections can be inherited.
• Apply system security and privacy engineering principles and practices to securely develop and integrate system components into information systems.

Security Control Management (Implementation and Tailoring)

• Lead the security control implementation and testing efforts. Identify and tailor the security control baseline with applicable overlays.
• Consider control inheritance and inheritance models when assigning controls during the security control selection process.
• Conduct all preliminary technical testing, including Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and Assured Compliance Assessment Solution (ACAS)/Nessus scans.
• Document detailed results of each Assessment Procedure (AP) within eMASS in the 'Test Results' section for each AP.
• Implement approved security controls (often in coordination with the ISSM).
• Remediate findings and/or implement mitigating controls as possible.
• Update the Plan of Actions & Milestones (POA&M) with non-compliant security controls as required.

Risk Assessment

• Perform vulnerability-level risk assessments on the POA&M/CAP.
• Conduct an initial complete risk assessment and document results in the POA&M.
• For identified deficiencies, determine the theoretical attack path for potential exploitation.
• Work with the Program Manager/Information System Owner (PM/ISO) to develop the Risk Assessment, incorporating vulnerabilities from the formal assessment.

Security Assessment Plan (SAP) & Authorization

• Assist with the development, maintenance, and tracking of the Security Plan (SP)
• For assessment efforts that do not require a Navy Qualified Validator (NQV), the ISSE (as part of program personnel) is responsible for developing a comprehensive SAP and submitting it for Security Control Assessor (SCA) review and approval.
• Ensure the execution of any security testing required as part of Assessment & Authorization (A&A) or annual reviews.
• Execute the SAP and assess applicable security controls (Validator participation is encouraged but not required).
• Ensure data entered in the eMASS record and POA&M is consistent with implementation results.
• Document and provide all requested rework to the Package Submitting Officer (PSO)/Program Management Office (PMO) for review.

Continuous Monitoring

• Oversee cybersecurity testing to assess security controls and record their compliance status during the continuous monitoring phase of the lifecycle.
• Support the Information System Security Manager (ISSM) in implementing the System Level Continuous Monitoring (SLCM) Strategy, tracking compliance of associated security controls, and communicating security findings.
• Update the Security POA&M as necessary during the monitoring step.

Coordination and Documentation

• Identify Authorizing Official (AO) and SCA cognizance of the system, as well as any specific authorization requirements such as reciprocity, cross domain solutions, and applicable overlays to support System Categorization.'
• Utilize the Collaboration Board in the eMASS workflow for formal coordination during the RMF process, posting detailed findings in the Artifacts tab if necessary
• The ISSE is generally accountable to the Program Manager/System Owner (PM/SO) and is considered a system-specific role within RMF personnel.

Qualifications You Must Have

• Active and transferable U.S. government issued Secret security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance."

• Typically requires a BS degree in Science, Technology, Engineering or Mathematics(STEM) and a minimum of 2 years of prior relevant experience unless prohibited by local laws/regulations.

• Required DoD 8570.01 IAT Level 2 (requires one or more of the following Professional Certifications: CNA Security, GICSP, GSEC, Security+ CE, SSCP)

Our values drive our actions, behaviors, and performance with a vision for a safer, more connected world. At RTX we value: Trust, Respect, Accountability, Collaboration, and Innovation. This position is NOT eligible for Relocation.

RTX solves some of the toughest challenges in aerospace and defense. That requires expansive thinking and bold innovation – and that, in turn, requires a culture that is based on merit, innovation and excellence. We embrace individuality of thought to fuel opportunity for our employees, our customers, and our communities. We work toward progress, knowing that a more innovative world is critical to our mission. Not just in this moment, but always.

The salary range for this role is 68,900 USD - 131,100 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate's work experience, location, education/training, and key skills. Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement. Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company's performance.

RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans' Readjustment Assistance Act.