Information Systems Security Officer (ISSO)

6314 Remote/Teleworker US, United States


Looking for an exciting opportunity to make an impact as an Information Systems Security Officer (ISSO)? Leidos is looking for an ISSO for a primarily hybrid position supporting the Federal Trade Commission (FTC) Task Order 4 (TO-4) program. This position requires the detailed knowledge and expertise needed to manage the overall security aspects of an information system, including policies, processes, procedures, laws and regulations, and to create, document and implement various security plans and continuous monitoring documents to enforce Information Assurance principles.
 

Primary Responsibilities:

  • Work closely with the Information Systems Security Manager (ISSM) and SO to drive information assurance initiatives, including security authorization activities, compliance with Risk Management Framework (RMF) policies, and the development of System Security Plans (SSPs).

  • Perform risk analysis for system changes, contribute to the Risk Management Framework process, and recommend security solutions to address any identified gaps. Create and review documentation to support Systems Security Plans (SSPs), Risk Assessment Reports

  • Partner with government customers to support Continuous Monitoring (ConMon) activities and ensure timely vulnerability remediation.

  • As the Information Systems Security Officer (ISSO) the individual will work closely with Government Agency and Offices to generate and maintain security documentation to include System Security Plans, Risk Assessment Reports, Privileged/General User Access Review, and Plan of Action and Milestones (POAM) for Controlled Unclassified Information Systems.

  • Coordinate with relevant stakeholders to achieve and maintain the information systems' compliance and ATOs/ATUs.

  • Provide a high level of support for internal/external audits, CISA/DHS data calls and metrics.

  • Develop, coordinate, test, and train staff/contractors on Contingency Plans (CP) and Disaster Recovery Plans (DRP).

  • Maintain operational security posture for an information system or program to ensure information systems security design, implementation, management and review of policies, standards, baselines, procedures, and guidelines are established and followed.

  • Identify, manage, and monitor POA&Ms, and work with various teams and stakeholders to close POA&Ms in a timely manner. Provide guidance through remediation as well as develop corrective action plans for each POA&M.

  • Provide configuration management (CM) for information system security software, hardware, and firmware; manage changes to the system and assess the security impact of those changes.

  • Work with multiple teams and client project team members and establish and maintain a strong customer-focused working relationship. Assist the System Owner in operating the system as securely as possible to fulfill mission requirements.

  • Reviewing operating system, application, and database security baseline configuration documentation to ensure compliance with agency hardening guidelines.

  • Reviewing proposed change requests related to system design / configuration and performing a security impact analysis to provide approval or denial recommendations.

  • Reviewing vulnerability scan results, performing risk-based prioritization to mitigate the vulnerabilities, and providing the overall risk exposure to the ISSM and SO.

Basic Qualifications:

  • Active Certified Information Systems Security Professional (CISSP) certification.

  • Bachelor’s degree (or equivalent) and 4+ years of relevant experience.

  • Minimum 3 years’ experience working as an ISSO for FISMA and FedRAMP systems.

  • Demonstrated experience with the Risk Management Framework (RMF), Federal Information Security Management Act (FISMA), FedRAMP and National Institute of Standards and Technology (NIST) Special Publications including NIST 800-171, NIST 800-53, SP 800-34, SP 800-137, FIPS 199/200.

  • Superior writing, communication, and critical analysis skills; must be comfortable in a customer-facing role and maintaining customer relationships.

  • Ability to work independently and as part of the team during the customer’s business hours.

  • Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures.

  • Hands-on experience supporting a vulnerability management program, tracking and reporting vulnerability mitigation plans with stakeholders.

  • Must be a US Citizen and able to obtain and maintain a Public Trust security clearance.

Preferred Qualifications:

  • Knowledge of various security tools, including vulnerability scanning, CSAM, Application whitelisting, Privileged Access Management

  • Operating knowledge of Windows/Linux operating systems, network devices, firewalls, TCP/IP ports and protocols and cloud security.

  • Experience with CIS/STIG security benchmarks

In 2025, Leidos was ranked as one of the “World's Most Ethical Companies” by the Ethisphere Institute for the eighth consecutive year.

Original Posting:

April 28, 2025

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

$85,150.00 - $153,925.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.


Tags: CISA CISSP Clearance Cloud Compliance FedRAMP Firewalls FISMA Government agency Linux Monitoring NIST NIST 800-53 POA&M Risk analysis Risk assessment Risk Assessment Report Risk management RMF Security Clearance Security Impact Analysis System Security Plan TCP/IP Vulnerabilities Vulnerability management Windows

Perks/benefits: Equity / stock options

Regions: Remote/Anywhere North America
Country: United States
