Senior Information System Security Engineer
Job description
Tygart Technology is seeking a Senior Information System Security Engineer (ISSE) with a strong software development focus to help build and secure modern applications. In this role, you'll work closely with developers, architects, and security teams to integrate security throughout the software development lifecycle (SDLC), ensuring systems are secure by design, not just after deployment.
You'll lead efforts in DevSecOps, secure coding practices, and application security, while ensuring compliance with frameworks such as NIST, RMF, and DoD standards. This position is key to bridging the gap between cybersecurity requirements and real-world software engineering.

- Lead and mentor a team implementing the full RMF lifecycle across client systems
- Oversee planning efforts, ensuring clear ownership, roles, and risk management strategies
- Guide system categorization based on mission impact and regulatory requirements
- Direct the selection, tailoring, and documentation of security controls
- Oversee implementation of technical, operational, and management controls across system and application lifecycles
- Analyze vulnerability scan results and provide actionable mitigation recommendations
- Ensure security control assessments are properly planned, executed, and documented
- Prepare risk management documentation to support system authorization decisions
- Lead continuous monitoring and ongoing assessment activities to maintain compliance
- Serve as a senior cybersecurity advisor supporting risk analysis, incident response, remediation, and audits
- Promote security awareness through training and collaboration with technical teams
- Track and communicate security risks, status, and improvements to leadership

Software & DevSecOps Focus:

- Integrate security into the SDLC and DevSecOps pipelines
- Support architecture reviews and system design risk assessments
- Promote and enforce secure coding practices
- Conduct and support threat modeling activities
- Assess and secure CI/CD pipelines and Infrastructure-as-Code (IaC) implementations
- Collaborate closely with developers and engineers to identify and mitigate risks early in development
Requirements
- Active Top Secret clearance
- Bachelor's degree in Computer Science, Cybersecurity, or related field
- A minimum of 8 years of relevant experience in cybersecurity or information assurance
- Experience with tools such as Tenable Nessus, SecurityCenter, IBM Guardium, Nmap, or similar
- One or more of the following certifications:
  - Certified Information Systems Security Professional (CISSP) (or Associate)
  - CompTIA Advanced Security Practitioner (CASP)
  - Certified Secure Software Lifecycle Professional (CSSLP)
  - CISSP- Information System Security Engineering Professional (ISSEP)
  - CISSP- Information System Security Architecture Professional (ISSAP)
- Experience leading cross-functional cybersecurity and engineering teams
- Strong program management experience, including budgeting, reporting, and team oversight
- Hands-on experience applying NIST RMF in enterprise or government environments
- Experience developing security documentation (SOPs, compliance artifacts, QA programs)
- Experience supporting federal cybersecurity initiatives and assessments

Software Security & DevSecOps Experience:

- Secure SDLC and DevSecOps practices
- Application security testing (SAST, DAST, SCA)
- Threat modeling and secure design reviews
- Experience supporting software development in DevOps environments
- Familiarity with Agile development methodologies

- Advanced degree in Computer Science, Cybersecurity, or related field
- Hands-on software development experience
- CISM certification
- Experience with programming languages such as Python, Java, C#, .NET, or similar