Information System Security Engineer (ISSE) II

Date Posted: 2026-04-29 Country: United States of America Location: US-VA-CHESAPEAKE-002-CUST ~ 2 Relay Rd ~ BLDG 344 (External Site) Position Role Type: Onsite U.S. Citizen, U.S. Person, or Immigration Status Requirements: Active and transferable U.S. government issued security clearance is required prior to start date.u200bU.S. citizenship is required, as only U.S. citizens are eligible for a security clearanceu200b Security Clearance Type: DoD Clearance: Top Secret Security Clearance Status: Active and existing security clearance required on day 1 Raytheon brings the strength of more than 100 years of experience and renowned engineering expertise to meet the needs of todayu2019s mission and stay ahead of tomorrowu2019s threat. We deliver solutions that help our nation and allies defend freedoms and deter aggression, creating a safer, more secure world. Join us and help shape the future of aerospace and defense. This job opportunity is for the ROTHR Information System Security Engineer (ISSE) position at ROTHR Chesapeake, VA facility. The ISSE is responsible for the local DoD Mission network servers and workstations in accordance with the authoritative USG requirements documents including (but not limited to): DISA STIGS, DD254, SCGs, CND Directives, OPORDS, etc. The Information System Security Engineer (ISSE) holds a vital role throughout the Risk Management Framework (RMF) process, with key responsibilities particularly evident in the implementation, assessment, and continuous monitoring phases What You Will Do _System Design and Architecture_ + Oversee the development and maintenance of a system's cybersecurity solutions. + Participate in the system engineering process to ensure that cybersecurity requirements, design, and testing are properly addressed throughout the system lifecycle. + Engage with the Network Engineer, Systems Engineer, and Integrated Product Team (IPT) lead to confirm the compatibility of cybersecurity architecture and design with the overall system design and integration. + Identify where their system resides within the overall Navy security architecture (e.g., network, ship, site). + Coordinate with all primary connecting systems to determine what protections can be inherited. + Apply system security and privacy engineering principles and practices to securely develop and integrate system components into information systems. u00b7 _Security Control Management (Implementation and Tailoring)_ + Lead the security control implementation and testing efforts. Identify and taylor the security control baseline with applicable overlays. + Consider control inheritance and inheritance models when assigning controls during the security control selection process. + Conduct all preliminary technical testing, including Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and Assured Compliance Assessment Solution (ACAS)/Nessus scans. + Document detailed results of each Assessment Procedure (AP) within eMASS in the 'Test Results' section for each AP. + Implement approved security controls (often in coordination with the ISSM). + Remediate findings and/or implement mitigating controls as possible. + Update the Plan of Actions & Milestones (POA&M) with non-compliant security controls as required. _Risk Assessment_ + Perform vulnerability-level risk assessments on the POA&M/CAP. + Conduct an initial complete risk assessment and document results in the POA&M. + For identified deficiencies, determine the theoretical attack path for potential exploitation. + Work with the Program Manager/Information System Owner (PM/ISO) to develop the Risk Assessment, incorporating vulnerabilities from the formal assessment. _Security Assessment Plan (SAP) & Authorization_ + Assist with the development, maintenance, and tracking of the Security Plan (SP) + For assessment efforts that do not require a Navy Qualified Validator (NQV), the ISSE (as part of program personnel) is responsible for developing a comprehensive SAP and submitting it for Security Control Assessor (SCA) review and approval. + Ensure the execution of any security testing required as part of Assessment & Authorization (A&A) or annual reviews. + Execute the SAP and assess applicable security controls (Validator participation is encouraged but not required). + Ensure data entered in the eMASS record and POA&M is consistent with implementation results. + o Document and provide all requested rework to the Package Submitting Officer (PSO)/Program Management Office (PMO) for review. _Continuous Monitoring_ + Oversee cybersecurity testing to assess security controls and record their compliance status during the continuous monitoring phase of the lifecycle. + Support the Information System Security Manager (ISSM) in implementing the System Level Continuous Monitoring (SLCM) Strategy, tracking compliance of associated security controls, and communicating security findings. + Update the Security POA&M as necessary during the monitoring step. _Coordination and Documentation_ + Identify Authorizing Official (AO) and SCA cognizance of the system, as well as any specific authorization requirements such as reciprocity, cross domain solutions, and applicable overlays to support System Categorization.' + Utilize the Collaboration Board in the eMASS workflow for formal coordination during the RMF process, posting detailed findings in the Artifacts tab if necessary + The ISSE is generally accountable to the Program Manager/System Owner (PM/SO) and is considered a system-specific role within RMF personnel. Qualifications You Must Have + Active and transferable U.S. government issued Secret security clearance is required prior to start date . U.S. citizenship is required , as only U.S. citizens are eligible for a security clearance.

Created: 2026-05-04