Your Impact:
Are you interested in using your skills to help shape the Cyber, Security, & Intel space? If so, look no further. Amentum is seeking an Information System Security Engineer (ISSE) to join our team of passionate individuals in Elkridge, MD. In this role you will support challenging, mission-critical projects that make a direct impact on the Nation’s security and intelligence mission.
As a Cyber Systems Engineer/Information System Security Engineer (ISSE) at Amentum, you will play a vital role in safeguarding national security by protecting the integrity, confidentiality, and availability of government-affiliated information systems. Your expertise will directly support critical defense and intelligence missions, ensuring that cybersecurity risks are identified, mitigated, and continuously monitored in alignment with stringent DoD and DIA standards.
By serving as the primary security advisor for assigned systems, your work will not only ensure operational compliance but will also contribute to the resilience and trustworthiness of mission-critical infrastructure relied upon by U.S. government agencies. Through close collaboration with engineers, system administrators, government clients, and security assessors, you will help design and maintain secure environments where innovation and mission success are achieved without compromising cybersecurity.
Your contributions will have a lasting impact, enabling rapid threat response, reduced risk exposure, and the sustained protection of sensitive data and digital assets vital to national defense and intelligence operations.
Responsibilities:
• Lead Security Authorization Efforts: Oversee and coordinate the Assessment & Authorization (A&A) processes in alignment with Risk Management Framework (RMF) and Intelligence Community Directives (ICD). This includes interfacing with Group-level Information Systems Security Managers (ISSMs) and Security Controls Assessors (SCAs) to ensure thorough and timely security reviews.
• Develop and Maintain Security Documentation: Prepare and maintain essential security documentation such as System Security Plans (SSPs), Concept of Operations (CONOPS), Contingency Plans (CP), General User Guides (GUG), Privileged User Guides (PUG), and Standard Operating Procedures (SOPs). Ensure documentation accurately reflects the current system architecture and security posture.
• Collect and Analyze Security Artifacts: Coordinate with program managers, system owners, and engineering teams to collect Bodies of Evidence (BoEs) and artifacts necessary for A&A. Analyze and compile documentation that supports security control implementations and Plan of Action & Milestones (POA&Ms) mitigation strategies.
• Coordinate Authorization Milestones: Facilitate and track progress through customer A&A processes to achieve key security milestones such as Authority to Develop (ATD), Interim Authority to Test (IATT), and Authority to Operate (ATO). Maintain up-to-date knowledge of each project's A&A status and communicate updates effectively across technical and leadership levels.
• Support Security Compliance and Audit Activities: Act as a liaison during audits and compliance assessments, supporting continuous monitoring and promoting adherence to RMF, DIA policy, IC guidance, and applicable federal laws. Assist in the annual updates of Information Security Continuous Monitoring (ISCM) and Organizational Assessment (OA) Strategy Plans.
• Evaluate and Respond to Emerging Threats: Review and revise control volatility sections of security plans in response to evolving threats, policy changes, and updated federal or agency guidance. Provide input on High Value Assets (HVAs), and systems classified at TS/SCI or Secret levels, ensuring appropriate protections are in place.
• Deliver Recommendations and Process Improvements: Generate actionable recommendations to enhance the security program. Identify inefficiencies in current processes and propose improvements based on best practices, audit findings, and lessons learned.
• Technical Content Review: Perform detailed technical and editorial reviews of A&A documentation, ensuring clarity, accuracy, and compliance with relevant standards and frameworks.
• Certification Maintenance: Maintain compliance with DoD 8570.01-M requirements for the IASAE Level II role, ensuring credentials and training are current.
Requirements:
• In-depth understanding of the Risk Management Framework (RMF) lifecycle and Intelligence Community Directives (ICDs), particularly ICD 503.
• Ability to lead and coordinate all phases of the A&A process, from system categorization to authorization and continuous monitoring.
• Demonstrated experience engaging with Group-level ISSMs, SCAs, and other key stakeholders to facilitate timely and thorough security reviews.
• Proficiency in interpreting security requirements and guiding implementation across complex system architectures.
• Experience coordinating with PMs, system owners, and engineering teams to gather required Bodies of Evidence (BoEs).
• Strong analytical skills to assess artifacts and ensure alignment with RMF controls and A&A package requirements.
• Ability to track and document Plan of Action and Milestones (POA&Ms), and work with stakeholders to ensure timely mitigation and evidence collection.
• Understanding of key cybersecurity milestones including:
• Authority to Develop (ATD)
• Interim Authority to Test (IATT)
• Authority to Operate (ATO)
• Proven ability to track project status, escalate delays, and maintain open communication with both technical teams and leadership.
• Experience navigating customer-specific A&A processes, tools, and review boards.
• Experience supporting internal and external audits, including liaising with auditors and preparing for compliance assessments.
• Familiarity with Information Security Continuous Monitoring (ISCM) strategies and implementation.
• Understanding of agency-specific compliance standards including DIA policies, DoD directives, and federal cybersecurity laws.
• Ability to support and update Organizational Assessment (OA) Strategy Plans annually or as required.
• Ability to perform threat modeling and incorporate emerging threats into the security control strategy.
• Knowledge of High Value Asset (HVA) protection requirements and protocols for systems classified as Top Secret, SCI, and Secret.
• Experience with dynamic updates to the control volatility section of SSPs in response to:
• Policy changes
• New threat intelligence
• Updated guidance from DIA, IC, NIST, etc.
• Experience conducting gap analyses, risk assessments, and security posture evaluations.
• Ability to recommend policy, process, or technical improvements based on A&A findings, lessons learned, and audit outcomes.
• Demonstrated ability to document findings and present them in a clear, actionable format to stakeholders.
• Strong writing and technical editing skills to review A&A documentation for:
• Compliance with standards
• Technical accuracy
• Readability and consistency
• Familiarity with collaborative review processes and version control tools (e.g., SharePoint, Confluence, Git, etc.).
• Must hold and maintain a DoD 8570.01-M IASAE Level II certification, such as:
• CISSP-ISSAP
• CISSP-ISSEP
• CASP+ CE (if accepted by employer)
• Responsibility to stay current with certification requirements, training, and continuing education relevant to the role.
Clearance Required:
• TS/SCI with POLY
Minimum Education:
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. (Relevant experience may substitute for education.)
Minimum Years of Experience:
• 3-5 years of experience in information system security or cybersecurity roles.
Required Certifications:
• DoD 8570.01-M IAT Level II, such as:
• CISSP-ISSAP
• CISSP-ISSEP
• CASP+ CE (if accepted by employer)
Preferred:
• Experience supporting DIA or Intelligence Community customers
• Familiarity with eMASS, Xacta, or similar compliance management platforms
• Experience with classified system environments (e.g., SIPR, JWICS)
• Working knowledge of Linux and Windows secure system configuration
• Experience interacting with Government Authorizing Officials (AOs) and Security Control Assessors (SCAs).
Pay Transparency Verbiage
Amentum’s health and welfare benefits are designed to invest in you and in the things you care about. Your health. Your well-being. Your security. Your future. Eligible employees and their dependents may elect medical, dental, vision, and basic life insurance. Employees are able to enroll in our company’s 401k plan, and, if eligible, a deferred compensation plan and Executive Deferral Plan. Employees will also receive 17 days of vacation per year, seven paid holidays, plus floating holidays and caregiver leave. Hired applicants will be able to purchase company stock and have the opportunity to receive a performance discretionary bonus.
The base salary range for this position is $210,000 to $220,000. This range reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.