Information System Security Engineer

This role requires U.S. Citizenship. Visa sponsorship is not available and cannot be considered.We're partnering with an early-stage, venture-backed defense tech company building AI-powered software for the U.S. military — systems that have to work in the most contested, communications-degraded environments on earth.This is their first ISSE hire. You won't be inheriting a playbook — you'll be writing it.This is not a traditional compliance role. You'll own the entire software authorization function end-to-end, drive efficiency into the process, and build automation where others have accepted manual overhead. You'll work directly alongside engineers deploying software into real operational environments — not theoretical ones.Long-term path toward CISO as the company scales.What You'll DoOwn the full RMF lifecycle — system categorization, control selection, assessment, authorization, and continuous monitoringBuild and maintain ATO documentation: SSPs, POA&Ms, SARs, and control matricesDrive vulnerability scanning and remediation workflows using ACAS/Nessus and DISA STIGsIdentify and build automation into compliance processes — reducing manual overhead across the authorization lifecyclePartner directly with engineering and infrastructure teams to resolve findings and prepare authorization packagesAdvise on security architecture, threat modeling, and secure coding practicesEngage government stakeholders and authorizing officials directlyWhat You BringU.S. Citizenship requiredMust have held a U.S. security clearance at some point or be able to obtainHands-on, personal ownership of RMF-based software authorization — you drove packages to the finish line, not just supported themATL or IATT experience — you know what it takes to get software authorized on government networksFluency in the tooling: eMASS or XACTA, ACAS/Nessus, STIG ViewerComfortable operating as a team of one and building from scratchNice to HaveActive Top Secret clearanceMilitary background — cyber, signals, or IT MOS/AFSCExperience deploying software into classified or air-gapped environmentsDevSecOps pipeline experienceCISSP, CAP, or similar certificationAutomation or scripting experience applied to compliance workflows