Information System Security Officer; ISSO
Listed on 2026-07-09
-
IT/Tech
Cybersecurity
Position Details
Job Title:
Information System Security Officer (ISSO)
Job Type: Full-time
Location:
Remote, MD – occasional in‑person in the DC Metro Area as necessary
Dynanet started with a focus on IT infrastructure and operations, helping organizations enhance their networks and overcome the limitations of 1990s technology. From strengthening communication channels to introducing innovative ways to collaborate and share information, Dynanet played a crucial role in shaping the early stages of digital transformation. The company’s efforts helped organizations build the very fabric of connectivity that now powers our modern world.
Over the last three decades, Dynanet has grown into a trusted partner for organizations looking to innovate boldly and transform seamlessly. While technology continues to evolve and unlock new opportunities, for nearly 30 years, Dynanet remains committed to delivering cutting‑edge solutions that drive lasting change for its customers. Through agility, foresight, and an unwavering dedication to excellence, Dynanet continues to empower organizations to thrive in a rapidly changing digital landscape.
Our story is more than just a story of technology – it’s a story of vision, growth, and transformation that has shaped the past and continues to pave the way for the future.
Serve as a hands‑on Information System Security Officer (ISSO) supporting the modernization and accreditation of applications across the Agency’s evolving cloud and on‑prem ecosystem. This role is focused on technical execution, not policy‑only oversight. The ISSO will drive SSP creation, automated ATO workflows, continuous monitoring integration, secure baseline enforcement for the Landing Zone Architecture (LZA), and the adoption of an OTEL‑first monitoring and logging platform.
By enabling evidence automation, compliance‑as‑code, and integrated security telemetry, the ISSO will strengthen application readiness, accelerate ATO timelines, and ensure continuous compliance across hybrid environments.
- Leads hands‑on SSP creation, ATO automation, and continuous monitoring integration.
- Defines and implements secure baselines, compliance‑as‑code, and OTEL‑driven monitoring patterns.
- Create full Security System Plans (SSPs) for new applications, including system boundaries, control implementation statements, architecture mapping, and inheritance models. Support, update, and maintain SSPs for existing applications through the full ATO lifecycle.
- Develop and implement automated ATO pipelines, including evidence generation, validation tasks, and CI/CD gating aligned to RMF requirements.
- Integrate continuous monitoring strategies, telemetry sources, alerting thresholds, and control‑health scoring.
- Automate evidence collection through scripts, scheduling logic, secure repositories, and structured control mappings.
- Define, maintain, and enforce secure baselines for the Landing Zone Architecture (LZA) across cloud and on‑prem environments.
- Implement and scale compliance‑as‑code, translating NIST and agency controls into machine‑testable rules and automated evaluations.
- Establish and manage an OTEL‑first platform for organization‑wide logging, metrics, tracing, APM, and compliance telemetry.
- Enable OTEL‑driven continuous compliance through real‑time signals tied to control effectiveness and evidence requirements.
- Collaborate with engineering, cloud, security, and application teams to provide hands‑on control remediation, configuration updates, and automation support.
- Partner with assessors and AOs to ensure high‑quality artifacts, timely responses, and successful accreditation reviews.
- 5–10+ years of experience in ISSO, security engineering, or RMF/FISMA compliance roles (hands‑on technical focus).
- Strong experience creating SSPs, implementing controls, and driving ATOs for cloud or hybrid systems.
- Hands‑on background with AWS, Azure, and on‑prem environments, including inheritance models and shared‑responsibility controls.
- Experience implementing continuous monitoring, SIEM integrations, telemetry pipelines, and…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).