×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

Information Systems Security Officer - Citadel

Job in Fort Meade, Anne Arundel County, Maryland, USA
Listing for: Semper Valens Solutions
Full Time position
Listed on 2026-01-03
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below

Information Systems Security Officer

Full Time Ft. Meade, MD

Secret clearance

Referral bonus: $1,000

Semper Valens Solutions is seeking a Security Analyst to join our cybersecurity team as an Information Systems Security Officer (ISSO). The ideal candidate will hold a Certified Information Systems Auditor (CISA) or Security Plus certification and possess a hands‑on understanding of information security practices, risk management, and compliance. You will lead in the implementation, maintenance, and enforcement of security policies to protect sensitive data and ensure compliance with applicable regulations and standards.

Duties

and Responsibilities

Responsible for continuous monitoring activities for systems to include monitoring for security threats, performing access reviews, reviewing and developing mitigation for vulnerability assessment reports, and proposing enhancements for systems security.

  • Support security operations centers (or similar capabilities) in supporting system reviews and potential incident investigations.
  • Maintain knowledge of the security architecture and the business purpose of systems.
  • Document and maintain knowledge of all relevant NIST 800‑53 controls for each IT system for which the ISSO is responsible.
  • Update SSPs semi‑annually and document any changes.
  • Certify the accuracy of continuous monitoring information for assigned systems.
  • Advise on proposed architecture or configuration changes using the established change and configuration management process.
  • Certify software planned to be introduced to the production environment is evaluated and provide guidance regarding the potential for the software to introduce risk into the environment.
  • Support the agency on periodic internal and external audits including support for the execution of identified corrective action plans as needed.
  • Evaluate and advise on all access requests for privileged accounts to IT systems.
  • Support and produce any artifacts that are required for Ongoing Authorization and the NIST Cyber Security Framework (CSF).
Essential duties and responsibilities include the following: (Other duties may be assigned)
  • Perform certification assessments for assigned programs to include review of change requests; review of ports, protocols, and services; whitelist requests; self‑assessments results; statements of compliance; scan and STIG reviews; systems security plans; cybersecurity control evidence and artifacts; and on‑site review results.
  • Attend weekly training sessions and staff meetings to gain an understanding of changes or clarifications to procedures.
  • Required to use a variety of tools to include the Government provided resourcing tool (used to execute and on‑site review), eMASS (for control reviews), Requirement Tracking System (RTS) (to submit actions for review/signature). Other tools that will be used include the PPSM database, Whitelist Tool, DoD Information Technology Portfolio Repository (DITPR), and RMF Knowledge Service.
  • Conduct security architecture reviews to ensure that the program's architecture is in compliance with STIG requirements and best practices. This technical analysis will be considered in the risk analysis and documented/included in the certification recommendation.
  • Develop customized checklists based on the security architecture, special purpose equipment, type accredited deployment guides, Unified Capabilities Approved Product List deployment guides, and required ancillary equipment.
  • Analyze Plans of Action and Milestones (POA&M) and mitigation plans for unresolved findings to determine residual risk. This shall include reviewing and analyzing submitted POA&M with detailed technical justification and references for mitigations and determining if the proposed solution is adequate mitigation for approval. This technical analysis shall be documented/included in the statement of residual risk.
  • Conduct a Risk Assessment to analyze threats to and vulnerabilities of an information system and the potential impact that the loss of information or capabilities of a system would have on the user communities and the mission of the organization. The resulting analysis is used as a basis for identifying appropriate…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search