Information System Security Engineer

This role requires U.S. Citizenship. Visa sponsorship is not available and cannot be considered. We're partnering with an early-stage, venture-backed defense tech company building AI-powered software for the U.S. military — systems that have to work in the most contested, communications-degraded environments on earth. This is their first ISSE hire. You won't be inheriting a playbook — you'll be writing it. This is not a traditional compliance role. You'll own the entire software authorization function end-to-end, drive efficiency into the process, and build automation where others have accepted manual overhead. You'll work directly alongside engineers deploying software into real operational environments — not theoretical ones. Long-term path toward CISO as the company scales. What You'll Do • Own the full RMF lifecycle — system categorization, control selection, assessment, authorization, and continuous monitoring • Build and maintain ATO documentation: SSPs, POA&Ms, SARs, and control matrices • Drive vulnerability scanning and remediation workflows using ACAS/Nessus and DISA STIGs • Identify and build automation into compliance processes — reducing manual overhead across the authorization lifecycle • Partner directly with engineering and infrastructure teams to resolve findings and prepare authorization packages • Advise on security architecture, threat modeling, and secure coding practices • Engage government stakeholders and authorizing officials directly What You Bring • U.S. Citizenship required • Must have held a U.S. security clearance at some point or be able to obtain • Hands-on, personal ownership of RMF-based software authorization — you drove packages to the finish line, not just supported them • ATL or IATT experience — you know what it takes to get software authorized on government networks • Fluency in the tooling: eMASS or XACTA, ACAS/Nessus, STIG Viewer • Comfortable operating as a team of one and building from scratch Nice to Have • Active Top Secret clearance • Military background — cyber, signals, or IT MOS/AFSC • Experience deploying software into classified or air-gapped environments • DevSecOps pipeline experience • CISSP, CAP, or similar certification • Automation or scripting experience applied to compliance workflows