Information System Security Engineer (ISSE)

Overview: CommIT Enterprises, Inc. is seeking an Information System Security Engineer (ISSE) to support government customer environments. This position is based in Charleston, SC but can be remote. This role blends handson cybersecurity engineering, security compliance support, and Risk Management Framework (RMF) activities with close collaboration across software development, DevSecOps, and system administration teams. The ISSE will work directly with the Information System Security Manager (ISSM) to ensure security controls, assessments, and authorization activities are executed effectively throughout the Software Development Life Cycle (SDLC). The position includes responsibility for supporting the Authorization to Operate (ATO) process within RAISE pipelines, reviewing security-related development artifacts, and evaluating CI/CD security outputs such as SAST, DAST, SBOMs, and CVSS scoring. As customer adoption of the RPOC platform grows, the ISSE will play a critical role in scaling security support and ensuring consistent, compliant implementation across all application teams. Established in 2001, CommIT is a Certified Veteran-Owned Small Business (CVOSB) providing innovative technical engineering and data science services. Our enterprise systems support includes the Department of Defense’s (DoD) GCSS-MC, CAC2S, TBMCS-MC, and the Department of Veteran’s Affairs’ (VA) telehealth communications. We offer acquisition management, systems engineering, Agile software development, cloud management, IT modernization, data analytics, cybersecurity, and training, including leading-edge DevSecOps, automated testing, and mobile application development. Responsibilities: Your essential job functions will include but may not be limited to- Support the ISSM in managing security requirements, documentation, and securityfocused engineering decisions throughout the SDLC, including Gitbased development workflows. Review Merge/Pull Requests for security implications, control compliance, and adherence to secure coding and configuration standards. Analyze CI/CD pipeline security outputs, including: – Static Application Security Testing (SAST) results – Dynamic Application Security Testing (DAST) results – Software Bill of Materials (SBOM) findings – CVSS scoring and vulnerability impact assessment Support the execution and maintenance of the RAISE ATO pipeline, ensuring security control assessments align with mission and compliance requirements. Assist in preparing, updating, and maintaining RMFaligned authorization documentation. Perform continuous security monitoring activities and support incident response collaboration as needed. Assist development, DevSecOps, and operations teams in interpreting security findings and determining secure technical paths forward. Participate in technical discussions to ensure systems, functionalities, and updates integrate appropriate security controls. Provide engineeringlevel troubleshooting related to security configurations, findings, and system behavior. Contribute to the development and refinement of documentation for security processes, workflows, and compliance evidence. Support audits, generate security artifacts, and prepare evidence packages as directed by the ISSM. Scale support activities as customer adoption of the RPOC platform increases. Qualifications: Required Experience and Education: Master’s degree with 8 years of experience (or Bachelors with 10 years of experience) in Computer Science, Software Engineering, Computer Engineering, Mathematics or relevant field. Degree may be substituted with additional relevant industry experience and / or industry accepted training and certification. Experience with SDLC, secure coding considerations, and security review of development artifacts. Experience supporting ATO packages, RMF activities, or operational cybersecurity engineering roles is preferred. Experience supporting DoD or federal enterprise systems Familiarity with audit frameworks (RMF, NIST 800‑53, CMMC, etc.) Knowledge of RPOC workflows, security requirements, and its role in the ATO/RAISE pipeline process Experience reviewing or interpreting security outputs from CI/CD pipelines. Understanding of secure software development practices, Git workflows, and DevSecOps tooling. Strong analytical and communication skills for explaining security implications to technical and nontechnical stakeholders. Ability to adapt quickly to shifting priorities and support multiple application teams as the environment scales. Security Requirements: Secret Clearance with the ability to obtain a T5 Security+ CE Equal Opportunity Employer: CommIT Enterprises, Inc. is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.