Information System Security Officer (ISSO)

Who We’re Looking For (Position Overview):This role is critical in ensuring the security posture of mission-critical applications and infrastructure across multiple network enclaves (Unclassified, Secret, Top Secret). The ISSO will be responsible for developing, maintaining, and enforcing security policies, implementing cybersecurity controls, managing Authority to Operate (ATO) documentation, and conducting continuous monitoring and risk assessments in compliance with FISMA, NIST, DOJ, and other federal mandates.What Your Day-To-Day Looks Like (Position Responsibilities):Serve as the principal cybersecurity advisor to system owners and stakeholdersDesign, analyze, and test of information security systems, products, cloud architectures and cloud solutionsProvide recommendations and/or alternatives to mitigate impact of system security boundary changes as part of any potential re-architecting and/or re-design activitiesDevelop, implement, and evaluate security controls, measures, and frameworks in cloud-based systems to ensure data integrity, confidentiality, and availabilityPerform risk analysis, vulnerability assessments, and security audits to identify and address potential weaknesses in cloud environmentsFollow all appropriate security authorization process for requesting and maintaining an Authority to Operate (ATO)Responsible for ensuring operational security is maintained for assigned information systemsEnsure systems are operated, maintained, disposed of in accordance with security policies and practicesPerform Security Incident Reporting and ResponseCoordinate with the Office of the Chief Information Officer (OCIO), Security Division, and others to provide documentation to the system Certification and Accreditation processEnsure audits and reviews are responded to with accurate informationPerform system access control responsibilitiesParticipate in the change management process for assigned applicationsWork with Product Owner, Product Manager, OCIO, Security Division, and other stakeholders to ensure security concerns are addressed during all phases of system lifecyclePerform continuous system security monitoringImplement and manage cloud-native and third-party security tools for monitoring, threat detection and vulnerability managementAct as a SME on Cloud Security while applying methods, standards, and approaches for ensuring the baseline security safeguards are appropriately implemented and documentedProvides reports to superiors regarding effectiveness of data security and makes recommendations for the adoption of new proceduresDraft and keep updated information security documentation to include System Security Plan, Information System Contingency Plan, Plan of Actions and Milestones (POA&M), Privacy Threat Assessment, Privacy Impact Assessment, and Configuration Management PlanResponsible for ensuring the implementation and maintenance of annual security controls assessmentsAssist with FISMA System audits as necessary. Leverage necessary vulnerability assessment and scanning tools including Nessus and ACSA to identify vulnerabilities, Splunk tools to monitor, detect and rectify misconfigurationsWorking directly with development, platform, and infrastructure teams on security problemsWhat You Need to Succeed (Minimum Requirements):Top Secret (TS) Clearance with SCI eligibility3 - 5 years of experience requiredExtensive experience with federal cybersecurity frameworks, including RMF, NIST 800-53, CNSS, and FISMAExperience supporting cloud security in environments such as AWS GovCloud, C2S, SC2S, and Microsoft AzureAnalyze logs using Splunk and AWS toolsHands-on experience with vulnerability assessment and configuration tools such as Nessus, ACSA, and SplunkWork with GRC tools such as Xacta/JCAMHold at least one of the following security certifications. Example: Security +, CGRC, CASP, CISSPExperience using Atlassian suite tools such as JIRA/CONFLUENCEExperience with Agile Methodologies/SAFeExpertise on Information Security Principles, processes and guidelinesAble to obtain and maintain an Authority to Operate (ATO) for Information SystemsExperience with scanning tools such as Tenable NessusAbility to work on multiple projects with various timelines, at times very short deadlinesIdeally, You Also Have (Preferred Qualifications):Certifications: CISSP, CISM, CAP, Security+, AWS Certified Security - Specialty, or other relevant certificationsExperience in a high-side or multi-enclave (U/S/TS) environmentExperience working with Agile development teams and CI/CD pipelinesFamiliarity with Infrastructure as Code (IaC) and cloud configuration management tools (e.g., Terraform, Ansible)Familiarity with NIST 800-53 Rev. 5We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.