Seeking anInformation Assurance Engineer IIto supportthe full Risk Management Framework (RMF) lifecycle and contribute to achieving and sustaining Authority to Operate (ATO) for assigned systems. The position focuses on maintaining RMF documentation,validatingimplementation of DISA STIGs and SRGs, supporting vulnerability management activities, andassistingwith continuous monitoring and security assessmentsfor the U.S. Navy in San Diego, CA.

• Support the full RMF lifecycle for assigned systems, including development, update, and maintenance of security documentationrequiredto obtain and sustain ATO.

• Prepare and maintain RMF artifacts such as System Security Plans (SSPs), POA&Ms, security control documentation, and related evidence within repositories such aseMASS.

• Validate, document, and support implementation of DISA STIGs and Security Requirements Guides (SRGs) across operating systems, applications, databases, and network devices.

• Execute and support vulnerability management activities, including review of scan results from tools such as ACAS/Nessus, analysis of findings, and coordination of remediation efforts.

• Track identified security findings through POA&M management, ensuring issues are documented, prioritized, and resolvedin a timely manner.

• Implement and support continuous monitoring strategies to verify that deployed systemsremaincompliant and that security controls continue tooperateeffectively.

• Review system audit logs, compliance reports, and security events toidentifyanomalies, potential risks, and areas requiring corrective action.

• Support security auditing and assessment activities by preparing artifacts andevidencefor internal reviews, external inspections, and Security Control Assessor (SCA) evaluations.

• Coordinate with technical teams to resolve compliance discrepancies and strengthen system security posture.

• Establish and satisfy complex system-wide information security requirements based on analysis of user needs, policy requirements, regulatory mandates, and available resources.

• Support development and implementation of information assurance doctrine, policies, standards, and procedures for government and commercial common-user systems, as well as specialized purpose systems requiring enhanced security features.

• Provide guidance to stakeholders and team members on cybersecurity compliance requirements and best practices.

• May lead and direct the work of others and provide status updates to leadership, supervisors, or program managers.

• Bachelor27s degree in Cybersecurity, Information Technology, Information Assurance, Computer Science, or a related field

• Active Secret Clearance Required

• 5+ years of relevant experience in information assurance, cybersecurity, RMF, compliance, or a related field.

• Demonstrated experience supporting the RMF process and preparing or maintaining ATO packages.

• Experience working witheMASSor similar compliance/documentation repositories.

• Knowledge of DISA STIGs, SRGs, and security compliance practices across infrastructure and application environments.

• Experience with vulnerability scanning and analysis tools such as ACAS/Nessus.

• Familiarity with POA&M management, remediation tracking, and continuous monitoring practices.

• Experience supporting security assessments, audit readiness, and control validation activities.

• Strong understanding of cybersecurity principles, risk management, and regulatory compliance requirements.

• Ability to analyze complex security requirements and apply them across enterprise and specialized systems.