Information System Security Engineer (ISSE) II - Hybrid

1/16/2026

The ISSE II will provide cybersecurity support to the Naval Surface Warfare Command, focusing on Information System Security Engineer tasks. Responsibilities include executing the Risk Management Framework process, conducting vulnerability assessments, and maintaining compliance with security standards.

Working Hours

40 hours/week

Company Size

201-500 employees

Language

English

Visa Sponsorship

About The Company

ISHPI works in concert with other defenders of the Homeland to fortify national preparedness, agility, strength and advantage in the cyber domain – a readiness state we refer to as an Holistic CyberStance™. Using our integrated Holistic™ service solutions fortified with CyberSmithed™ and ActiveDefense™ processes, we weave the armor and forge the weapons that enable our clients to maintain a dominating Holistic CyberStance™ – always ready to Anticipate, Defend, Exploit and Attack in the Cyber domain. Our Information Operations, Advanced Information Services, C5ISR Engineering & Technical Services, and Training & Consulting business units work in unison to provide experienced people, proven processes, technology, advice and leadership to enable full spectrum Cyber capability. ISHPI was born a cyber-services company supporting U.S. Armed Forces personnel and other direct defenders of the homeland with a heavy focus on emerging asymmetric Information Operations. Our focus on cyber related services has held steady while our client base and functional capabilities expanded exponentially to envelop essentially all cyber impacted components of modern warfare. Philosophically, our approach to cyber surety has evolved to become Holistic in nature, based on a firm conviction that cyber activities are never truly secure unless every layer of the OSI model and every human input associated with the activity is Holistically engineered and integrated for cyber security. In 2014 ISHPI acquired Advanced Information Services Inc., a globally recognized leader in Software Development Quality and the winner of the 2013 Government Information Security Leadership Award for secure software lifecycle practices and the IEEE Computer Society Software Process Achievement Award. The acquisition added CMMI Maturity Level 5 Cyber-Secure Software Development to ISHPI’s Holistic CyberStance™ Strategy.

About the Role

Overview

Ishpi Information Technologies, Inc. (DBA ISHPI) is passionate about providing our customers with technical solutions that satisfy their business needs. Through collaborative interactions with customers, team members, subject matter experts (SMEs), technical leaders, and partners we design practical solutions that solve real problems for major government and business organizations. As a member of our group, you will work with a team focused on delivering innovative business solutions using emerging technologies through proven successful methods.

Responsibilities

The ISSE II will provide support to the Naval Surface Warfare Command in Philadelphia, PA. Shall provide cybersecurity support for the Code 104 Information Technology Operations Division in the area of Information System Security Engineer (ISSE) support. These duties include but are not limited to:

Assessment & Authorization (A&A)

Cybersecurity Compliance and Audit Readiness

Information Assurance Vulnerability Management (IAVM)

Vulnerability Scanning and Remediation

Application and Implementation of Security Technical Implementation Guides (STIGs) and Security Requirements Guide (SRGs)

Shall assist with the developing, maintaining, and tracking Risk Management Framework (RMF) system security plans which include System Categorization Forms, Platform Information Technology (PIT) Determination Checklists, Assess Only (AO) Determination Checklists, Implementation Plans, System Level Continuous Monitoring (SLCM) Strategies, System Level Policies, Hardware Lists, Software List, System Diagrams, Privacy Impact Assessments (PIA), and Plans of Action and Milestones (POA&M).

Execute the RMF process in support of obtaining and maintaining Interim Authority to Test (IATT), AO approval, Authorization to Operate (ATO), and Denial of Authorization to Operate (DATO).
Identify and tailor IT and CS security control baselines based on RMF guidelines and categorization of the RMF boundary
Perform Ports, Protocols, and Services Management (PPSM).
Perform IT and CS vulnerability-level risk assessments.
Execute security control testing as required by a risk assessment or annual security review (ASR).
Mitigate and remediate IT and CS system level vulnerabilities for all assets withing the boundary per STIG requirements
Develop and maintain Plans of Actions and Milestones (POA&M) in Enterprise Mission Assurance Support Service (eMASS).
Develop and maintain system level IT and CS policies and procedures for respective RMF boundaries and/or guidance provided by the command ISSMs
Implement and assess STIG and SRGs.
Perform and develop vulnerability assessments with automated tools such as Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP) Compliance Check (SCC) and Evaluate STIG.
Deploy security updates to Information System components.
Perform routine audits of IT system hardware and software components.
Maintain inventory of Information System components.
Participate in IT change control and configuration management processes.
Upload vulnerability data in Vulnerability Remediation Asset Manager (VRAM).
Image or re-image assets that are part of the assigned RMF boundary
Install software and troubleshoot software issues as necessary to support compliance of the RMF boundaries’ assets.
Assist with removal of SSD, HDD or other critical components of assets before destruction and removal from the RMF boundary.
Provide cybersecurity patching of assets in times of DoD and DoN TASKORDs, FRAGORDs, or even designated by Command ISSM, ACIO, and/or Code 104 management.
Support configuration change documentation and control processes and maintaining DOD STIG Compliance.
Support cyber compliance of assets that are part of an enterprise IT network to include Windows server and CISCO networking hardware. This includes assessing vulnerabilities, patching and meeting requirements of the STIG for the hardware.
Report compliance issues of network hardware to management as not cause an operational of the network.

Qualifications

Education: Bachelor’s degree in Computer science, Information Technology, or an equivalent technical degree from an accredited college or university.

Experience:Three (3) years professional experience capturing and refining information security operational and security requirements, and ensuring those requirements are properly addressed through purposeful architecting, design, development, and configuration; and implementing security controls, configuration changes, software/hardware updates/patches, vulnerability scanning, and securing configurations.

Minimum Certification Requirement includes one of the following:

CCNA-Security

CySA+

GICSP

GSEC or

Security+ CE

Security Clearance: Requires U.S. Citizenship and an active government security clearance.

“Ishpi Information Technologies, Inc. is an Equal Opportunity Employer. All qualified candidates will be considered without regard to legally protected characteristics.

Expression of Interest: By applying to this job, you are expressing interest in this position and could be considered for other career opportunities where similar skills and requirements have been identified as a match. Should this match be identified, you may be contacted for this and future openings.

*cj

Key Skills

CybersecurityInformation AssuranceRisk Management FrameworkVulnerability ManagementSecurity ComplianceSystem Security PlansSecurity Technical Implementation GuidesVulnerability ScanningConfiguration ManagementPatch ManagementNetwork SecurityAudit ReadinessSecurity ControlsIT SecurityCyber ComplianceSystem Audits