Information Systems Security Officer

About the job Information Systems Security Officer

Location: Maryland

Clearance Required: Active TS/SCI with Full Scope Polygraph

Citizenship: U.S. Citizenship Required.

The ideal candidate will possess strong RMF expertise, experience working with cybersecurity compliance and assessment tools, and the ability to collaborate effectively with System Administrators, System Owners, Information System Security Managers (ISSMs), and Government stakeholders.

• Support the full Risk Management Framework (RMF) lifecycle for classified information systems.
• Develop, maintain, and update RMF documentation and security authorization packages.
• Coordinate activities required to obtain and maintain Authority to Operate (ATO) approvals.
• Conduct security control assessments and compliance reviews.
• Monitor and track vulnerabilities, findings, and remediation efforts.
• Support Continuous Monitoring (Con Mon) activities and ongoing security assessments.
• Review system configurations and scan results to ensure compliance with security requirements.
• Collaborate with System Administrators and System Owners to implement and maintain security controls.
• Monitor privileged user activities and support oversight requirements.
• Participate in security audits, inspections, and cybersecurity reviews.
• Provide recommendations for risk mitigation and system security improvements.

• Active TS/SCI with Full Scope Polygraph security clearance.
• Experience supporting Information Assurance, Cybersecurity, or ISSO activities within classified environments.
• Strong understanding of the Risk Management Framework (RMF) process.
• Knowledge of:
  • Authority to Operate (ATO) processes
  • Security Control implementation and assessment
  • Continuous Monitoring (Con Mon)
  • Risk assessment methodologies
• Experience with RMF and cybersecurity compliance tools, including:
  • LATTEART
  • XACTA
  • BISCOTTI
  • WATCHCAT
  • STE
• Experience with compliance and configuration scanning tools.
• Familiarity with:
  • NIST SP 800-53 Revision 3 and/or Revision 5
  • NIST SP 800-37
• Strong written and verbal communication skills.
• Ability to work independently and collaboratively in a mission-focused environment.

Candidates should have experience developing, reviewing, or maintaining security documentation, including:

• System Security Plans (SSP)
• Plans of Action and Milestones (POA&M)
• Security Plan Findings (SPFs) and Exception Documentation
• Business Impact Assessments (BIA)
• After Action Reports (AAR)
• Security Assessment Reports (SAR)

• Experience supporting classified Government systems.
• Familiarity with auditing and compliance requirements.
• Experience coordinating with Authorizing Officials, Security Control Assessors, ISSMs, and System Owners.
• Understanding of vulnerability management and remediation processes.
• Knowledge of system administration concepts and operating system security.
• Security certifications such as:
  • CompTIA Security+
  • CISSP
  • CAP
  • CASP+
  • CISM

• Strong attention to detail.
• Excellent organizational skills.
• Effective communication and collaboration abilities.
• Sound risk-based decision-making.
• Ability to balance mission requirements with cybersecurity compliance.
• A proactive approach to identifying and mitigating security risks.

• Medical and Dental Coverage
• Short-Term Disability (STD)
• Long-Term Disability (LTD)
• Life Insurance
• 401(k) with up to 4% Company Match