Role Overview
The Information Systems Security Engineer (ISSE) – SME serves as a senior technical authority responsible for leading the implementation and execution of the DOJ’s Security Assessment and Authorization (SAA) Program in accordance with DOJ policy, the SAA Policy Guide, and NIST Risk Management Framework (RMF) requirements. This role provides expert-level security engineering leadership across complex DOJ IT environments, ensuring systems are securely designed, authorized, monitored, and sustained throughout their lifecycle.
The ISSE SME acts as a principal technical advisor to Government leadership, system owners, ISSOs, and engineering teams, driving consistent, high-quality RMF execution and risk-informed decision-making.
Key Responsibilities
RMF & SAA Program Leadership
- Lead, mentor, and supervise security professionals responsible for end-to-end RMF lifecycle execution for DOJ information systems.
- Direct and coordinate activities within the Prepare step of RMF, ensuring roles, responsibilities, governance structures, and risk management strategies are clearly defined and maintained.
- Guide system categorization efforts to ensure information systems are properly classified based on mission impact, data sensitivity, and regulatory requirements.
Security Engineering & Control Implementation
- Direct the selection, tailoring, and documentation of security controls aligned with system categorizations, DOJ risk tolerance, and compliance requirements.
- Oversee implementation of technical, operational, and management controls across system and application lifecycles, ensuring quality, completeness, and consistency of deliverables.
- Serve as the senior technical authority for security architecture decisions, secure configurations, and remediation strategies.
Assessment, Authorization & Continuous Monitoring
- Ensure comprehensive security control assessments are planned, executed, and documented to validate control effectiveness.
- Prepare and review risk management documentation to support system authorization decisions and executive-level risk acceptance.
- Direct continuous monitoring and ongoing assessment activities, collecting metrics and trends to inform risk posture and adjust security strategies.
Risk, Incident & Audit Support
- Provide subject-matter expertise for cybersecurity risk analysis, incident response, vulnerability remediation, and audit support.
- Support OIG, FISMA, and internal review activities, ensuring systems remain audit-ready and defensible.
Stakeholder Engagement & Reporting
- Serve as a trusted technical advisor to DOJ leadership, system owners, ISSOs, and mission stakeholders.
- Track, report, and communicate security engineering status, risks, and improvement opportunities to Government and contractor leadership.
- Foster collaboration across divisions to ensure consistent application of security best practices.
Training & Continuous Improvement
- Promote a culture of security awareness through technical guidance, mentoring, and training.
- Maintain up-to-date knowledge of RMF, NIST guidance, DOJ policies, and industry best practices.
- Identify opportunities to improve RMF execution efficiency, consistency, and effectiveness through process refinement and approved tooling.
Qualifications & Experience
Required
- Senior-level experience providing security engineering leadership in federal or IC environments.
- Deep expertise in NIST RMF, FISMA, and federal authorization processes.
- Demonstrated experience supporting complex, enterprise-scale IT systems across multiple lifecycle stages.
- Proven ability to advise leadership on risk-based security decisions.
Preferred / Highly Desired
- Prior experience supporting DOJ, or Intelligence Community customers.
- Experience working alongside ISSOs, AOs, and assessment teams in high-tempo environments.
- Familiarity with network, infrastructure, application, and SaaS security architectures.
- Experience supporting audit remediation and continuous monitoring programs.