Information System Security Engineer II

Location: Philadelphia, PA
Clearance: Secret
Position Type: Full-time

AERMOR is seeking an Information System Security Engineer II who will be responsible for ensuring the security and compliance of enterprise information systems through the implementation and management of cybersecurity controls. This role focuses on Assessment & Authorization (A&A), compliance readiness, and the continuous monitoring of systems in alignment with DoD and federal cybersecurity standards. The engineer will support all aspects of system accreditation, vulnerability management, and the application of security configuration baselines across systems and networks.

This is not a remote position.

Key Responsibilities:

• Support Assessment & Authorization (A&A) activities in accordance with the Risk Management Framework (RMF) and applicable DoD/Federal policies.
• Ensure Cybersecurity Compliance and Audit Readiness through continuous monitoring, control validation, and documentation updates.
• Execute and manage Information Assurance Vulnerability Management (IAVM) processes to track, prioritize, and remediate security notices and vulnerabilities.
• Perform Vulnerability Scanning and Remediation using approved tools and methods to maintain system integrity and reduce risk exposure.
• Apply and validate Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) for servers, networks, applications, and workstations to maintain compliance with DoD standards.
• Capture, analyze, and refine information security operational and security requirements to support secure system design and deployment.
• Implement and maintain security controls, configurations, and patches to ensure systems remain hardened and compliant.
• Coordinate and apply software/hardware updates and configuration changes in alignment with approved baselines.
• Support incident response efforts, ensuring proper coordination, documentation, and remediation of identified issues.
• Maintain up-to-date security documentation, including System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and audit artifacts.
• Support accreditation, audit, and inspection activities, ensuring readiness for internal and external reviews.

Required Qualifications:

• Bachelor’s degree in Computer Science, Information Technology, or a related STEM field from an accredited college or university.
• Must hold an IAT II certification.
• Minimum of three (3) years of professional experience in:
  • Capturing and refining information security operational requirements.
  • Implementing and maintaining security controls and compliant system configurations.
  • Conducting vulnerability scanning, IAVM tracking, and STIG/SRG implementation.
  • Supporting A&A and cybersecurity compliance activities.
  • Familiarity with eMASS, ACAS, Nessus, Splunk, or other approved DoD cybersecurity tools.