Posted 2 days ago
Top Secret
Unspecified
Unspecified
IT - Security
(On-Site/Office)
Position Title: Security Engineer IV
Position Purpose
Marathon TS is looking for a Security Engineer IV that supports the DoD by providing senior-level security engineering expertise for Risk Management Framework (RMF) authorization, continuous monitoring, and sustainment activities. This role ensures JTMS capabilities operate in compliance with DoD cybersecurity policies within a cloud-based DevSecOps environment, enabling secure, authorized, and mission-reliable system operations.
What Success Looks Like
Success is demonstrated through timely, accurate RMF artifacts; well-managed eMASS records; and security controls that withstand audits and assessments. The Security Engineer is trusted by government stakeholders to anticipate risks, recommend practical mitigations, and maintain authorization posture while enabling development and operational teams to deliver capabilities without disruption.
Key Responsibilities
Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").
#CJJOBS
Position Purpose
Marathon TS is looking for a Security Engineer IV that supports the DoD by providing senior-level security engineering expertise for Risk Management Framework (RMF) authorization, continuous monitoring, and sustainment activities. This role ensures JTMS capabilities operate in compliance with DoD cybersecurity policies within a cloud-based DevSecOps environment, enabling secure, authorized, and mission-reliable system operations.
What Success Looks Like
Success is demonstrated through timely, accurate RMF artifacts; well-managed eMASS records; and security controls that withstand audits and assessments. The Security Engineer is trusted by government stakeholders to anticipate risks, recommend practical mitigations, and maintain authorization posture while enabling development and operational teams to deliver capabilities without disruption.
Key Responsibilities
- Develop, review, and maintain RMF artifacts and system authorization documentation supporting accreditation and sustainment.
- Manage eMASS entries, security control evidence, and Plans of Action and Milestones (POA&Ms).
- Conduct vulnerability assessments, analyze findings, and recommend risk-based mitigations.
- Support integration of security controls and best practices within a DevSecOps delivery environment.
- Coordinate security activities with Government stakeholders, DISA, and contractor security teams.
- Support audits, security assessments, technical reviews, and authorization decision activities.
- Translate technical security requirements and risks into clear, actionable information for non-technical stakeholders
- Bachelor's degree or equivalent relevant experience.
- Active SECRET clearance.
- Minimum of seven (7) years of cybersecurity or security engineering experience.
- One or more of the following certifications: CCISO, CISA, CISM, CISSP, CISSP-ISSEP, CySA+, GSLC, or GSNA.
- Demonstrated hands-on experience with RMF and eMASS.
- Experience with STIG implementation, vulnerability scanning, and POA&M management.
- Experience working across technical, functional, financial, and administrative teams.
- Ability to clearly communicate complex security concepts to both technical and non-technical audiences.
- Experience supporting or implementing ERP solutions delivered via a SaaS model in a DoD or Federal environment.
- Knowledge of ERP-driven business process reengineering and configuration-based solution design.
- Experience with system integration, data migration, and master data management in ERP environments.
- Familiarity with RMF, cloud security, and FedRAMP considerations for SaaS solutions.
- Experience supporting Agile or SAFe governance for COTS/SaaS implementations.
- Cloud security experience in environments such as AWS, Azure GCC High, or similar.
- Experience supporting joint or enterprise DoD systems.
Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").
#CJJOBS
group id: 10362312
