
KBR, Inc.
Provides engineering, procurement, construction and technology solutions to government and industry worldwide.
Information Systems Security Engineer
Senior ISSE managing A&A and RMF cybersecurity for DoD medical systems
Job Highlights
About the Role
The selected candidate will serve as a Senior Information Systems Security Engineer (ISSE) responsible for Assessment & Authorization (A&A) activities under the Defense Health Agency (DHA). The role involves obtaining and maintaining Authorizations to Operate (ATO) for DoD medical applications, networks, and devices.
- Serve as Senior ISSE subject matter expert for multiple information systems.
- Conduct risk and vulnerability assessments and develop mitigation solutions.
- Lead and participate in A&A status meetings with senior government and contract personnel.
- Assess system compliance with NIST, DoD, and DHA security requirements, including NIST 800‑53, DISA STIGs, and SRGs.
- Produce evidence, analyze vulnerability scans, and assist with remediation tasks.
- Prepare and update RMF documentation such as Security Plans, POA&Ms, and Risk Assessment Reports.
- Coordinate with other SMEs to create authorization boundary diagrams, architecture diagrams, and inventory lists.
- Submit weekly status reports to DHA leadership.
Key Responsibilities
- ISSE expert
- Risk assessment
- Compliance review
- Vulnerability scans
- RMF documentation
- Status reporting
What You Bring
The position is onsite with an estimated 35% travel requirement and follows standard working hours. The work environment emphasizes safety, collaboration, and adherence to DoD security standards. Required qualifications include a bachelor’s degree (or 18 years of hands‑on cyber/IT experience in lieu of a degree), an active TS/SCI clearance, and experience with Special Access Programs. Candidates must demonstrate expert‑level knowledge of the Risk Management Framework, DISA STIGs, SRGs, NIST 800‑53, and have hands‑on experience with ACAS, eMASS, and DoD RMF package development. Strong oral and written communication skills, customer‑service orientation, and familiarity with NIST publications are also required. Desired qualifications include prior work under DHA, familiarity with HBSS, continuous monitoring and risk scoring, and experience with application security tools such as Fortify, WebInspect, or AppDetective.
- Bachelor’s degree plus 15 years of cyber/IT experience (or 18 years without degree).
- Active TS/SCI clearance and experience with Special Access Programs.
- Expert‑level knowledge of Risk Management Framework and RMF package development.
- Proficiency with DISA STIGs, SRGs, and NIST 800‑53 controls.
- Hands‑on experience with ACAS, eMASS, and DoD security tools.
- Strong customer service, oral and written communication skills.
- Familiarity with NIST publications.
- Experience working under DHA.
- Knowledge of HBSS and Continuous Monitoring and Risk Scoring (CMRS).
- Experience with Fortify, WebInspect, or AppDetective security tools.
Requirements
- Bachelor’s
- TS/SCI
- RMF
- DISA STIGs
- ACAS
- Customer service
Benefits
KBR offers a competitive lifestyle benefits package that may include a 401(k) with company match, comprehensive medical, dental, vision, life, AD&D and disability coverage, flexible spending accounts, paid time off, and flexible work‑schedule options. The company supports career advancement through professional training and development, and promotes a Zero Harm culture.
- Competitive 401(k) with company match.
- Comprehensive medical, dental, vision, life, AD&D, and disability coverage.
- Flexible spending accounts and paid time off.
- Flexible work‑schedule options.
- Professional training and career advancement opportunities.
Work Environment
Onsite