Information System Security Officer (ISSO)

Washington, DC (Hybrid)

Who We’re Looking For (Position Overview):

This role is critical in ensuring the security posture of mission-critical applications and infrastructure across multiple network enclaves (Unclassified, Secret, Top Secret). The ISSO will be responsible for developing, maintaining, and enforcing security policies, implementing cybersecurity controls, managing Authority to Operate (ATO) documentation, and conducting continuous monitoring and risk assessments in compliance with FISMA, NIST, DOJ, and other federal mandates.

What Your Day-To-Day Looks Like (Position Responsibilities):

  • Serve as the principal cybersecurity advisor to system owners and stakeholders.
  • Support and manage the lifecycle of system authorization under the Risk Management Framework (RMF), ensuring timely submission and updates of ATO packages.
  • Conduct vulnerability assessments using tools such as Nessus and ACSA; monitor and analyze logs and configurations using Splunk.
  • Implement and assess security controls in cloud-based environments (AWS GovCloud, C2S, SC2S, Azure).
  • Monitor and maintain operational security of information systems, ensuring compliance with federal and agency-specific regulations.
  • Draft and maintain security documentation, including:
      • System Security Plan (SSP)
      • Plan of Action and Milestones (POA&M)
      • Information System Contingency Plan (ISCP)
      • Privacy Impact Assessments (PIAs)
      • Configuration Management Plans (CMPs)
  • Oversee incident response and reporting, coordinating with OCIO, Security Divisions, and other federal entities as required.
  • Provide audit support, including FISMA system audits and internal security reviews.
  • Perform access control and account management duties, including provisioning and reviewing permissions across systems.
  • Advise development and operations teams on security best practices throughout system design, deployment, and maintenance.
  • Manage and maintain cloud-native and third-party security tools for vulnerability management, compliance, and threat detection.
  • Contribute to change management processes and agile development practices to ensure integration of security into all phases of development.

What You Need to Succeed (Minimum Requirements):

  • TS/SCI Clearance
  • 8 years of experience required.
  • Extensive experience with federal cybersecurity frameworks, including RMF, NIST 800-53, CNSS, and FISMA.
  • Experience supporting cloud security in environments such as AWS GovCloud, C2S, SC2S, and Microsoft Azure.
  • Hands-on experience with vulnerability assessment and configuration tools such as Nessus, ACSA, and Splunk.
  • Experience supporting audits and ATO processes in a federal environment.
  • Familiarity with scripting (e.g., PowerShell, Python) for automation and log analysis.
  • Experience working with and securing Cross Domain Solutions such as Everfox or Forcepoint.
  • Strong knowledge of endpoint protection and antivirus solutions, including Microsoft Defender.
  • Familiarity with log management, monitoring tools, and network security protocols.
  • Working knowledge of agile and DevSecOps methodologies and related tools (e.g., JIRA, Confluence, GitLab, Jenkins).

Ideally, You Also Have (Preferred Qualifications):

  • Certifications: CISSP, CISM, CAP, Security+, AWS Certified Security – Specialty, or other relevant certifications.
  • Experience in a high-side or multi-enclave (U/S/TS) environment.
  • Experience working with Agile development teams and CI/CD pipelines.
  • Familiarity with Infrastructure as Code (IaC) and cloud configuration management tools (e.g., Terraform, Ansible).

Region: North America
Country: United States
