Torch Technologies
Thank you for your interest in employment with Torch Technologies. We are a 100% employee-owned company headquartered in Huntsville, AL, a Certified Great Place To Work, and named Best Places to Work in Huntsville/Madison County. Our team provides superior research, development, and engineering services to the Federal Government and Department of War. As one of the nation's top 100 defense companies, the services we provide directly support the men and women who serve our country. Our corporate mission sums up the pride our employee-owners take in the work we do: "Lighting the Pathway of Freedom". And, as a Certified Evergreen ESOP, we have made the commitment to grow and sustain our company for the next 100 years! Come grow with us!
Torch Technologies is seeking an experienced and mission-focused Principal Cybersecurity Engineer (ISSE) to lead the security engineering efforts for a critical Department of War (DoW) system operating at the Top Secret and Special Access Required (SAR) levels. The primary and overriding responsibility of this role is to serve as the technical lead for achieving and maintaining the system's Authority to Operate (ATO).
You will be the core subject matter expert for all security control implementation, validation, and documentation. You will translate the complex requirements of the Risk Management Framework (RMF) and the Joint Special Access Program (SAP) Implementation Guide (JSIG) into a tangible, defensible security posture. This is a hands-on engineering role for a cybersecurity expert who excels at navigating the complexities of the DoW accreditation process.
As a Cybersecurity Engineer, your duties will include, but are not limited to, the following:
Lead all technical security activities required to prepare the system for its formal security assessment and authorization.
Engineer, implement, and validate the technical security controls required by NIST SP 800-53 and as tailored by the JSIG. This includes hands-on hardening of operating systems, network devices, applications, and databases in accordance with DISA STIGs.
Author, compile, and maintain the complete RMF security documentation package. This includes creating and managing the System Security Plan (SSP), system diagrams, hardware/software lists, and detailed descriptions of control implementations.
Manage the system's security posture by conducting vulnerability scans with tools like ACAS, analyzing results, and leading remediation efforts with the system administration team.
Act as the primary technical point of contact during security control assessments. You will be responsible for demonstrating control effectiveness to government assessors and defending the system's security design.
Develop and execute a robust continuous monitoring strategy to ensure the system remains compliant and secure post-ATO, including analyzing audit logs and responding to security events.
Required Qualifications:
U.S. Citizenship
Bachelor's Degree in Computer Science or a related field, or equivalent experience
10+ years in cybersecurity/information assurance, with at least 5 years in a hands-on ISSE role.
TS Clearance is required.
Experience leading a DoD system through the full RMF lifecycle to successfully achieve an ATO at the TS//SAR level. You must be able to speak authoritatively on this process from start to finish.
Demonstrable, in-depth experience implementing and validating controls under the JSIG.
Must meet DoD 8140 IASAE Level II or III requirements.
Expert-level knowledge of RMF, JSIG, NIST SP 800-53, and DISA STIGs.
Proficiency with security tools such as ACAS/Nessus, SCAP Compliance Checker (SCC), and SIEM solutions.
Strong technical understanding of operating systems (Windows/Linux), networking concepts, and virtualization.