Talent.com
Information Security Engineer

iCatalyst Inc • McLean, VA, US

Job Description

Requirement ID# : 2025_09_ISE

Job Type : Full Time

Hybrid Opportunity - Must live in the Washington, D.C. Metropolitan area, or willing to relocate to be considered.

Clearance Requirement : Public Trust Clearance - Due to federal clearance requirements for this position, only U.S. citizens are eligible. Candidates with a green card or visa sponsorship, now or in the future, are NOT eligible for this clearance.

Company Overview

iCatalyst, Inc. is an agile solution-oriented business and technology solutions company serving as a trusted partner and advisor to multiple federal and commercial customers since 2007. We are appraised at Capability Maturity Model Integration (CMMI) ML3 in Software Development and our systems are International Organization for Standardization (ISO) 9001:2015 (Quality Management) and ISO 27001:2013 (Information Security) certified. Our expertise and primary support is in areas of Program Management, Software Development, Artificial Intelligence (AI), Enterprise Architecture, Data Analytics and Business Intelligence, and Cyber Security.

We have an exciting opportunity for a seasoned Information Security Engineer to join our team to support our Federal Programs.

We offer a comprehensive benefits package to include medical, dental, short-term disability insurance, life insurance, free Uber rides and phone reimbursement. Other benefits include 401K, paid government holidays, training, education assistance, wellness benefit, and paid personal leave.

Job Responsibilities

The Information Security Engineer will manage the full lifecycle of assigned Information Systems, ensuring compliance with federal and Department policies. The Engineer will lead ATO planning and execution, maintain security documentation in the GRC tool, and manage interconnection agreements and privacy artifacts. The role includes implementing RMF steps 0–6, ensuring NIST and FedRAMP compliance, overseeing vulnerability management and access controls, and integrating contingency planning with enterprise risk management. The Engineer also supports AO risk decisions, represents systems at governance boards, and ensures timely, accurate, and compliant delivery of ATO outcomes.

Some high-level duties include but are not limited to the following :

  • System Oversight & Governance :
      • Lead the management, operations, and maintenance of assigned Information Systems.
      • Represent systems at ED boards (EIMB, ERB, EATI) and contribute to strategic planning and governance.
  • Security & Compliance :
      • Serve as the lead stakeholder for all security-related activities, including audits, A&A, OSA, FISMA reporting, and data calls.
      • Implement Risk Management Framework (RMF) steps 0–6 per NIST SP 800-37.
      • Ensure compliance with NIST SP 800-53 and other relevant federal standards.
      • Maintain access to FedRAMP packages for assigned Cloud Service Providers (CSPs).
      • Review and manage CSP POA&Ms and ensure alignment.
  • Documentation & Reporting :
      • Develop and maintain systems security documentation (e.g., SSP, BIA, ISCP, DRP, IRP, POA&Ms).
      • Ensure timely updates in the ED’s GRC Tool (e.g., CSAM).
      • Respond promptly to security incident reports, audits, and management reporting requirements.
      • Maintain data in the CSF Risk Scorecard and GRC Tool, including daily documentation and POA&M statuses.
  • System Security & Monitoring :
      • Authorize and manage privileged user access.
      • Conduct user account validations and upload reports under AC-2 control.
      • Ensure timely vulnerability scanning, remediation, and POA&M tracking.
  • Risk & Impact Management :
      • Perform and review Security Impact Analyses (SIA) for system changes.
      • Integrate system contingency planning with broader enterprise risk and continuity efforts.
      • Assist ISSO in identifying residual risks and support AO risk decision-making.
  • Interconnection & Control Inheritance :
      • Ensure valid ISAs, IAAs, MOUs are in place before connecting with other entities.
      • Follow ED’s Common Controls Catalog for control inheritance and integration.
  • Collaboration & Representation :
      • Partner with the ISSO, SAOP, and other stakeholders to ensure privacy and security compliance (e.g., PIA, PTA).
      • Attend and contribute to ED security briefings, workshops, and review boards.

Required Skills

  • Proficient in implementing and managing RMF steps 0–6 in accordance with NIST SP 800-37.
  • Strong working knowledge of NIST SP 800-53, 800-18, 800-30, and related guidelines.
  • Skilled in drafting and maintaining security artifacts such as SSPs, POA&Ms, BIA, ISCP, IRP, and PIAs.
  • Vulnerability management
  • Supports compliance, risk assessments, and AO briefings.

  • Understanding of cloud service provider (CSP) environments and FedRAMP requirements.
  • Strong written and verbal communication and collaboration skills.

Experience / Qualifications

  • 8 years of relevant experience.
  • Experience supporting FISMA reporting, audits, and control assessments.
  • Experience managing privileged user access, user validation, and AC-2 controls.
  • Familiarity with Governance, Risk, and Compliance (GRC) tools (e.g., CSAM or similar).
  • Experience with federal IT security standards and practices, including FISMA, NIST RMF, and FedRAMP.
  • Relevant security certifications (e.g., CISSP, CISM, CAP, or similar).

Education

  • Position requires BS / BA or Master's degree in STEM, Computer Science or similar discipline from an accredited university.

Contract / Customer

Federal Agency

For more information, please visit :

  • iCatalyst Careers Page
  • iCatalyst Website
