Hybrid Information Systems Security Engineer at Karsun Solutions, LLC

Karsun Solutions, LLC · San Diego, United States Of America · Hybrid

Overview:

Summary

This individual will serve in a compliance support role, stepping in when the primary ISSE is unavailable or during periods of increased workload. Their focus is ensuring continuity of RMF and cybersecurity compliance activities, not full-time ownership of the ISSE function.

 

Responsibilities:

What You'll Do:

  • Supporting RMF package updates and maintaining authorization documentation (e.g., SSP, POA&M, SAR).
  • Advisory support to system owners on control implementation and mitigation strategies.
  • Conducting or reviewing vulnerability scanning results and assisting with remediation planning.
  • Participating in inspection prep or audits as needed.
  • Providing input into status reporting, dashboards, and metrics related to system security posture.
  • Assisting in the collection of evidence, as directed by Navy Cyber Defensive Operations Command (NCDOC), including:
    • Contributing to the preservation of evidence by maintaining the chain of custody IAW OPNAV 5527/22.
    • Submitting Electronic Spillage Action Forms.
  • Reviewing System Authorization Access Request Navy (SAAR-N) and Privileged Access Agreement (PAA) forms, utilizing Total Workforce Management Services (TWMS), to support user account issuance and management, including two-factor authentication (2FA) tokens as the Trusted Agent (TA).
  • Furnishing recommendations and administrative support in developing, managing, and updating cyber incident handling procedures per updated DoD or DON policy.  
  • Sanitizing, destroying, and disposing of media cleared for destruction (e.g., hard drives, CDs/DVDs).
  • Validating required cybersecurity training requirements for NCTSSD personnel, as needed, to maintain system access.

Onsite Support Expectations:

  • If the primary ISSE is attending, virtual participation or no presence may be sufficient.
  • When onsite, they may support leadership briefings, walkthroughs, or in-person compliance check-ins.

Cross-Coverage & Availability:

  • The backup should be available on-call for urgent needs (e.g., incident response, compliance review deadlines).
  • For extended absences (vacation, medical leave), the backup may need to temporarily assume more active duties, including interfacing with government stakeholders and leading RMF activities.

 

Qualifications and Education:

Required Qualifications

  • 10+ years of cybersecurity experience, with demonstrated expertise in RMF implementation, package development, and continuous monitoring for DoD systems.
  • Proficiency with ACAS, Nessus, Splunk, SCAP Compliance Checker (SCC), POA&Ms, DIACAP, NISPOM, and vulnerability management tools.
  • Strong technical writing skills for RMF artifacts, security control assessments, and risk documentation.
  • Experience applying DISA STIGs and performing system hardening for compliance.
  • Skilled with Microsoft 365 Impact Level 5 (M365 IL5) and SharePoint Online (SPO).
  • Bachelor’s degree in Computer Science, Electrical Engineering, or related technical discipline (an additional 10 years of relevant experience may substitute for the degree).
  • Active certifications in one or more of the following:
    • CGRC (Certified in Governance, Risk & Compliance)
    • CASP+ (CompTIA Advanced Security Practitioner)
    • CompTIA Security+
    • SSCP (Systems Security Certified Practitioner)
    • CISM, CISSP, GSEC, or GSLC
  • Active TS/SCI Clearance

 

Compensation:

The proposed salary range for this role is $****** to $******* USD. The salary range provided is a good faith estimate representative of all experience levels. Karsun considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate’s work experience, location, education/training, and key skills.
