TS/SCI w/Poly - ISSE role (A&A/ATO/NIST)
Position is with the VA Intel Customer and requires an active TS/SCI with Full Scope Poly clearance.
The ISSE will lead and execute security engineering activities across complex, enterprise-scale
environments. This role requires deep technical expertise across infrastructure, platforms, and
applications, combined with expert-level, hands-on experience implementing the NIST Risk
Management Framework (RMF) within federal government environments. The ideal candidate is
a technical practitioner, not just an advisor – someone who can design, implement, assess, and
secure systems end-to-end while directly supporting system authorization, continuous
monitoring, and risk-based decision-making. This role also serves as the technical focal point for
all security incidents, leading triage, investigation, and resolution efforts in coordination with
program and enterprise security teams.
QUALIFICATIONS
Bachelor’s Degree in Computer Science, IT, or a related technical discipline, or the
equivalent combination of education, technical training, or work/military experience
Minimum ten (10) years of related cyber security engineering experience
REQUIRED KNOWLEDGE/SKILLS
Proven hands-on Cyber Security Engineer SME, not policy-only or audit-only
Comfortable working across network, system, platform, and application layers
Deep understanding of how security controls are actually implemented and validated
Experience in federal RMF-driven environments
Able to bridge security, engineering, and compliance effectively
Experienced in managing security incidents from detection through resolution
Skilled at balancing immediate incident response needs with long-term security
improvements
Effective collaborator across organizational boundaries during high-pressure security events
Operate independently as the technical authority for system security engineering
Demonstrate the ability to provide technical hands-on configuration, validation, and
assessment of security controls
Translate RMF and NIST requirements into real-world technical implementations
Communicate complex technical security issues clearly to both technical and non-technical
stakeholders
Maintain a strong balance between security compliance and operational practicality
Lead rapid response to security incidents with minimal guidance
Demonstrate strong analytical and troubleshooting skills under pressure during active
security events
Effectively communicate incident status, impact, and remediation progress to technical and
leadership audiences
Security & Compliance
o Expert-level experience with NIST Risk Management Framework (RMF) in federal
government environments
o Strong knowledge of:
NIST SP 800-53
NIST SP 800-37
NIST SP 800-30
o Direct involvement I ATO packages, control implementation, and assessments
o Hands-on experience with Security Information and Event Management (SIEM)
platforms (e.g., Splunk, ELK Stack, ArcSight, QRadar)
o Demonstrated experience in security incident detection, analysis, and response
o Proven ability to triage security alerts and determine criticality and impact
Infrastructure & Platforms (Hands-On)
o Networking (e.g., routing, switching, firewalls, load balancers, network security controls)
o Operating Systems:
Windows Server
Linux (RHEL, CentOS)
o Virtualization and storage platforms
o Databases (SQL and/or NoSQL)
o Data platforms (e.g., HPCC, Hadoop/Cloudera)
o Web services, APIs, and application architectures
o Software development environments and CI/CD pipelines
o Security tooling (e.g., vulnerability scanners, endpoint protection, SIEM)
Engineering Experience
o Security engineering and system hardening
o Vulnerability discovery and remediation
o Secure system design and architecture reviews
o Technical documentation supporting RMF compliance
o Experience in cloud environments (AWS, Azure, GCP, CI) within federal RMF contexts
o Experience with DevSecOps practices
DESIRED SKILLS
Hands-on experience with containerization and orchestration (Docker, Kubernetes)
Hands-on experience with infrastructure-as-code
Knowledge of federal overlays (e.g., DoD, FISMA High/Moderate)
Relevant certifications (preferred, not required):
o CISSP
o CAP
o CISM
o Security+
o Cloud Security
o Certified Ethical Hacker
Experience with guiding and directing junior engineers and information systems security officer (ISSO)
Experience with security orchestration, automation, and response (SOAR) platforms
Background in threat hunting and proactive security monitoring
Relevant incident response certifications
KEY RESPONSIBILITIES
Serve as the Cyber Security Engineer SME, providing hands-on security engineering across
all system layers (infrastructure, platform, and application)
Engineer, implement, and validate security controls in accordance with NIST SP 800-53 and
RMF requirements
Lead and support RMF lifecycle activities (Categorize, Select, Implement, Assess,
Authorize, Monitor)
Perform security engineering for:
o Network architectures and boundary protections
o Windows and Linux operating systems
o Storage and virtualization platforms
o Databases and data platforms
o Web services, APIs, and application stacks
o Custom and COTS/GOTS software solutions
Provide technical input to RMF artifacts, including:
o System Security Plans (SSP)
o Security Control Assessments (SCA) support
o POA&Ms
o Risk assessments and security impact analyses
Collaborate with system owners, architects, developers, ad operations teams to embed
security into system design and implementation
Support ATO, re-authorization, and continuous monitoring activities
Identify security risks and provide practical, technically sound mitigation strategies
Participate in security reviews, technical design reviews, and vulnerability remediation efforts
Serve as technical l point of contact for all security incidents affecting the program
Lead triage and analysis of new security alerts from SIEM, IDS/IPS, and other security
monitoring tools
Drive remediation efforts for recurring security alerts, identifying root causes and
implementing systemic fixes
Coordinate incident response activities between program stakeholders and enterprise
security operations
Act as primary liaison between program teams and enterprise security for incident
escalation, resolution, and reporting
Perform forensic analysis and technical investigations of security events
Document security incidents, response actions, and lessons learned
Develop and maintain runbooks and playbooks for common security incident types
Requirements
Required Skills and Demonstrated Experience
The Contractor shall have the following required skills, certifications, and demonstrated experience:
Demonstrated experience with designing and implementing secure communication solutions and networks.
Demonstrated experience with implementing infrastructure in public cloud domains.
Demonstrated experience with the Intelligence Community Directive (ICD) 503 Assessment and Accreditation (A&A) process and acquiring necessary approvals to develop, implement and operate systems.
Demonstrated experience with the A&A processes and cyber security requirements as well as experience with coordinating with multiple entities or organizations to obtain necessary approvals to achieve and maintain Authority to Operate (ATO) status.
Demonstrated experience addressing and implementing system security controls.
Demonstrated experience triaging and troubleshooting system issues.
Demonstrated experience producing technical system documentation.
Demonstrated experience with designing and implementing cloud-hosted infrastructure for use with mobile and commercial applications.
Demonstrated experience in information security.
Demonstrated experience transferring, handling, and securing sensitive data.
Demonstrated experience developing system design diagrams.
Demonstrated experience developing and briefing system designs to both technical and non-technical audiences to obtain operational and security approvals.
Certifications: CompTIA Network+, CompTIA Security+, and ISC2 Certified Information Systems Security Professional (CISSP)
Highly Desired Skills and Demonstrated Experience
Skills and demonstrated experiences that are highly desired but not required to perform the work include:
Demonstrated experience with Sponsor systems, architecture, and data.
Demonstrated experience providing coordination across Sponsor’s organization and business partners to expedite technology approval.
Demonstrated experience with the Sponsor’s A&A process and cyber security requirements as well as experience with coordinating across the Sponsor organization to obtain necessary approvals to achieve and maintain Authority to Operate (ATO) status
Demonstrated experience working independently and collaboratively within a team environment.
Demonstrated experience developing system design diagrams using Sponsor provided tools.
Certification: EC-Council Ethical Hacker (CEH)
Benefits
Leading Path is an award-winning Information Technology and Management Consulting firm focused on providing solutions in process, technology, and operations to our government and Fortune 500 clients. We offer a professional and family friendly work environment with a strong work-life balance. Leading Path provides a comprehensive and competitive benefits package including fully paid medical/dental/vision premiums, generous PTO, 11 Paid Holidays, 6% 401K contribution, annual training and tuition reimbursement, SPOT Award bonuses, regular team events, opportunities for professional growth and advancement and much more!