Job description

Overview LMI is seeking an Information Systems Security Engineer (ISSE) to provide cybersecurity Risk Management Framework (RMF) Authority to Operate (ATO) support. LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed. Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government, efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors—helping agencies navigate complexity and outpace change. Headquartered in Tysons, Virginia, LMI is committed to delivering impactful results that strengthen missions and drive lasting value. This position requires an active TS/SCI with CI poly Responsibilities • Define system security requirements in coordination with security stakeholders including system engineers, program managers, security control assessors, and Authorizing Officials (or their delegates). • Ensure cybersecurity requirements are identified, allocated, implemented, verified, and continuously monitored throughout the system life cycle. • Provide independent cybersecurity advice and guidance to government stakeholders and contractor team members. • Participate in recurring cybersecurity working group meetings. • Develop or review system security designs and architectures, including those for cloud, on-prem or hybrid. • Support Assessment and Authorization (A&A) cybersecurity reviews, identify gaps, and support risk management plans for to also then execute. • Support the Risk Management Framework (RMF) process for each product in the portfolio at all different classification levels including implementation of Security Technical Implementation Guides (STIGs) • Provide SME level cybersecurity engineering support and input to product leads and cybersecurity teams to produce and maintain Authority to Operate (ATO) packages and successfully achieve/maintain ATOs. • Support Interim Authority to Test (IATT), risk assessment/acceptance, and/or other ATO related activities. • Identify and interpret security control non-compliance to determine the impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program. • In concert with ISSM, work with product teams to identify controls, develop appropriate mitigations, and develop and track Program of Action and Milestone (POAM) documents to ensure that ATO packages are technically sound before submission to the program cyber government staff for review. • Advise system engineers on the best methods to remediate vulnerability findings using security scanning tools and government / industry best practices. • Support cybersecurity engineering analysis of alternatives, tradeoffs, and risk treatment decisions. • Work with interdisciplinary teams to deliver trustworthy and secure systems. Qualifications • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field. • 8 years minimum of system and/or security engineering work performed in support of U.S. Government customers. • Experience with space systems. • Experience authoring and maintaining (or contributing documents) of RMF Assessment and Authorization (A&A) documentation, e.g., System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POAMs). • Knowledge of, and experience implementing, ICD 503 and the Government's certification and accreditation process. • Knowledge of, and experience with, client/server architecture, web hosting, web content servers, policy servers, directory servers, firewalls, WAN architectures, WAN architectures, LAN architectures, switches, and routers. • Technical experience configuring and supporting Windows, Linux, Unix, Maces. • Technical experience configuring and supporting VMware, Xen, Hyper V. • Understanding of virtualization platforms and technologies. • Experiencing integrating GOTS and COTS software systems. • Ability to explain complex cybersecurity issues to a diverse audience in layman's terms. • Must possess and maintain a TS//SCI Security Clearance with Polygraph. • Must possess and maintain one of the following credentials: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Cloud Security Professional (CCSP). Desired Qualifications • Experience with batch scripting/python. • Experience with Cloud (i.e., Azure, Amazon C2S, Commercial and GovCloud) security planning, design, and operations. • Experience implementing DoDI 8510.01 Risk Management Framework for DoD. • AWS Certified Security – Specialty (SCS-C02) credential and/or AWS Certified Solutions Architect – Professional (SAP-C02) credential. Target salary range: $109242 - $189108 Disclaimer: The salary range displayed represents the typical salary range for this position and is not a guarantee of compensation. Individual salaries are determined by various factors including, but not limited to location, internal equity, business considerations, client contract requirements, and candidate qualifications, such as education, experience, skills, and security clearances. Final compensation will be determined by a variety of factors including but not limited to your skills, experience, education, and/or certifications.

Requirements