Security Engineer

Security Engineer (RMF)Job Category: Information TechnologyTime Type: Full timeMinimum Clearance Required to Start: TS/SCI with PolygraphEmployee Type: RegularPercentage of Travel Required: Up to 10%Type of Travel: Local* * *

The Opportunity:

We are seeking a skilled Security Engineer (RMF) to support the Defense Intelligence Agency (DIA) at the National Center for Medical Intelligence (NCMI) in Ft. Detrick, Maryland. This role focuses on implementing and managing cybersecurity for IT systems using the Risk Management Framework (RMF), ensuring systems meet federal and DoD security standards to achieve and maintain Authority to Operate (ATO). The Security Engineer will work closely with System Owners, Information System Security Officers (ISSOs), and Enterprise ISSMs to develop security documentation, apply compliance controls, and support the full system lifecycle from design through authorization.

Responsibilities:

• Documentation - Develop and maintain RMF artifacts including System Security Plans (SSP), Security Assessment Reports (SAR), Security Assessment Plans (SAP), and Plans of Action and Milestones (POA&M).
• Compliance & Hardening - Apply DISA STIGs/SRGs, implement NIST controls, and perform system hardening across Windows/Linux environments.
• Assessment & Remediation - Conduct vulnerability scans using tools like Nessus, ACAS, and SCAP. Analyze scan results and manage remediation efforts to reduce risk.
• Authorization Support - Support the Assessment & Authorization (A&A) process to obtain and sustain ATOs. Manage XACTA data requirements and ensure alignment with DIA RMF processes.
• Continuous Monitoring - Perform ongoing security monitoring and reporting to maintain system compliance and health. Review logs and alerts using tools such as Splunk and SolarWinds.
• Coordination & Collaboration - Work closely with System Owners, ISSOs, Enterprise ISSMs, and other engineering teams to develop security plans, respond to incidents, and ensure consistent implementation of cybersecurity policies.
• DevOps & System Support - Maintain DevOps pipelines, manage deployments, and support integration and production environments. Handle outages,