Information Systems Security Specialist III - Secret or TS clearance required

Information Systems Security Specialist III

At PMAT, we work on mission critical systems that directly support the warfighter, designing, building, and securing modern digital capabilities across cloud, data, and software environments. Our teams tackle complex, real-world challenges where delivery matters more than theory, and innovation is driven by curiosity, collaboration, and purpose.

In this role, you'll contribute to PMW 160 Enterprise Support Services (ESS), working alongside cybersecurity, engineering, and operational stakeholders to ensure that mission-critical systems are securely designed, assessed, and authorized to operate in support of national defense.

About the role: As a technical, hands-on Information Systems Security Specialist III you will serve as a key contributor to the program's cybersecurity and risk management posture, supporting all aspects of Information Assurance (IA) and Risk Management Framework (RMF) activities for complex Navy information systems. You will work closely with engineers, system owners, and government stakeholders to develop, document, and maintain security controls and accreditation artifacts; evaluate and recommend security solutions; and help maintain an effective security posture throughout the system lifecycle. On a day-to-day basis, you will perform security control assessments, support Assessment & Authorization (A&A) activities, leverage enterprise IA tools such as eMASS and ACAS, and help ensure compliance with DoD and Navy cybersecurity policies and processes. This role is ideal for a seasoned cybersecurity professional who enjoys combining technical, analytical, and documentation skills to protect critical mission systems.

Responsibilities:

• Support all aspects of program Information Assurance (IA) and cybersecurity processes, tailored to the system and mission, under Certification & Accreditation (C&A) and/or Assessment & Authorization (A&A) frameworks.
• Apply working knowledge of the Risk Management Framework (RMF)—and, where applicable, legacy DIACAP processes—to support security categorization, control selection, implementation, assessment, authorization, and continuous monitoring activities.
• Assist with the preparation, review, and maintenance of security documentation and process artifacts (e.g., SSPs, POA&Ms, security control traceability, test results) required to obtain and maintain an Authority to Operate (ATO).
• Evaluate security solutions and technical implementations to ensure they meet security requirements for processing up to classified information in accordance with applicable DoW and Navy policies and guidance.
• Support, maintain, and in some cases supervise the operational security posture for assigned information systems or programs, including monitoring, vulnerability management, and remediation coordination.
• Utilize IA and cybersecurity tools such as DISA Enterprise Mission Assurance Support Service (eMASS) and Assured Compliance Assessment Solution (ACAS) to document, track, and report on security control implementation and system risk.
• Coordinate with system engineers, test and evaluation (T&E) teams, and Security Control Assessor (SCA) representatives to plan, execute, and document security testing and assessments.
• For more senior responsibilities, assist in the development and refinement of system security policies and ensure compliance with change management and configuration management processes.
• Plan and coordinate IT security program activities and policies in support of command leadership mission and goals, providing recommendations to improve the overall cybersecurity posture.

About Us: PMAT is an innovative small business founded with a passion for developing forward-leaning solutions from exceptional people that increase the mission's capability. We focus on designing and building impactful digital solutions that utilize modern cloud, data, and software concepts. Our passion is working on complex and progressive challenges such as edge platform computing, containerizing legacy platforms, distributed data platforms, or heterogeneous data analysis.

We recruit, retain, and foster a team motivated to pursue passions, investigate new ways of doing things, and embody an innovative and entrepreneurial spirit. We believe in being curious about every element of a problem and experiment relentlessly. We foster continuous learning in an environment that encourages positive collaboration and expands our capabilities. We tap into collective intelligence, acknowledging that the most brilliant people may not be in the room. Above all else, we believe that delivering and demonstrating is more potent than a sheet of paper. We are passionate about mission-centric design and delivering effective capabilities to and for the warfighter.

Whether you're an experienced engineer or just beginning your career, you'll work alongside experts who are committed to solving mission-critical problems. If you're passionate about using your skills to make a real difference, apply today and become part of a team that's shaping the future of defense technology!

Required Skills and Experience:

• More than five (5) years (with degree or 7+ without) of practical experience in a Cybersecurity, Engineering, Test & Evaluation (T&E), or Assessment & Authorization (A&A, formerly C&A) related field.
• Working knowledge of the Risk Management Framework (RMF) process and prior experience with DIACAP or similar legacy processes.
• Experience supporting C&A/A&A activities, including the development and maintenance of IA/security documentation (e.g., SSPs, POA&Ms, test plans, and assessment reports).
• Experience with Information Assurance tools such as DISA Enterprise Mission Assurance Support Service (eMASS) and Assured Compliance Assessment Solution (ACAS).
• Demonstrated ability to evaluate security solutions and technical implementations to ensure they meet security requirements for systems processing up to classified information.
• Experience supporting or performing security control assessment activities in coordination with SCAs, system owners, and engineering teams.
• Strong understanding of DoD and/or Navy cybersecurity policies, directives, and guidance, and how they are applied to real systems and programs.
• Ability to communicate effectively with technical and non-technical stakeholders, clearly articulating risks, findings, and recommended mitigations.

Preferred Skills and Experience:

• Experience serving as a Security Control Assessor (SCA) or holding a Full Security Control Assessor qualification.
• Experience supporting Navy or other DoW programs through full lifecycle RMF activities from initial accreditation through continuous monitoring.
• Hands-on experience with vulnerability management, patch management, and remediation tracking in operational environments.
• Experience supporting cybersecurity in conjunction with system engineering and T&E activities (e.g., test planning, execution, and reporting for security controls).
• Familiarity with secure architecture and design principles, including network segmentation, boundary protection, and defense-in-depth.
• Relevant cybersecurity certifications (e.g., Security+, CISSP, CAP, CISM, or similar).

Education and Certification Requirements:

• College degree in a technical or managerial related discipline.
• In lieu of a college degree, greater than seven (7) years of directly relevant experience in Cybersecurity, Engineering, T&E, or A&A (formerly C&A) is required.
• Industry-recognized cybersecurity certification (e.g., Security+ or higher) strongly preferred; specific certifications may be required to meet DoD 8570/8140 requirements depending on the role and environment.

Citizenship and Clearance requirements:

• US Citizenship required
• No dual citizenship
• Active Secret Clearance
• Active TS clearance preferred

Location/Address:

• San Diego, CA area strongly preferred

Travel & Passport:

• Under 20% travel, primarily CONUS, to support customer engagement, integration and test events, and team coordination.
• OCONUS travel and a valid passport may be required for specific events or mission needs, as directed by the customer.

Work Environment: PMAT offices as needed. In some cases, work in a government facility may be required. Travel may be required for customer engagement, team coordination, and potentially for business development.

PMAT is an equal-opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.