Senior Information System Security Officer; ISSO

Security Clearance

Top Secret w/ CI Polygraph

Fredericksburg, VA

Full-Time

$100,000 - $130,000

This represents the potential salary range for this position depending on education level, years of experience and/or certifications in addition to other position specific requirements which may impact salary

The Information System Security Officer shall have at least seven (7) years of experience as an ISSO and be in charge of all security required documentation in order to maintain the customer network's Authority To Operate (ATO). They shall possess expertise with the agency's chosen GRC application (Xacta), experience with FISMA controls, and be able to perform periodic vulnerability and SCAP scans utilizing Nessus.

The ISSO shall also be responsible for managing and approving all IT security documentation (i.e., System Security Plans, Rules of Behavior, POAMs, etc.).

• Governance & Compliance
  • Ensure information systems comply with FISMA, NIST RMF (SP 800-37), SP 800-53, and agency-specific security requirements.
  • Maintain and enforce system security policies, procedures, and standards.
  • Support Authority to Operate (ATO) processes, including continuous authorization.
  • Identify, document, and assess system security risks and vulnerabilities.
• Risk Management
  • Develop, track, and manage Plans of Action and Milestones (POA&Ms).
  • Conduct and support periodic risk assessments and security impact analyses.
  • Have experience evaluating STIG compliance.
• System Security Documentation
  • Ensure documentation remains current and reflects system changes.
  • Develop, review, and maintain security artifacts, including:
    • System Security Plans (SSPs)
    • Security Assessment Reports (SARs)
    • Contingency Plans (CPs)
    • Incident Response Plans (IRPs)
• Continuous Monitoring
  • Implement and manage continuous monitoring activities.
  • Review security control effectiveness and coordinate periodic control assessments.
  • Monitor vulnerability scan results and ensure timely remediation.
• Incident Response & Reporting
  • Support detection, analysis, containment, and reporting of security incidents.
  • Coordinate incident response activities with SOCs, ISSMs, and government stakeholders.
  • Ensure incidents are reported in accordance with contract and agency timelines.
• Configuration & Change Management
  • Review and approve security-relevant system changes.
  • Participate in Change Control Boards (CCBs) to ensure security impacts are assessed.
  • Ensure secure configuration baselines are established and maintained.
• Access Control & Account Management
  • Ensure proper user access controls, least privilege, and account lifecycle management.
  • Review privileged access and audit logs for suspicious activity.
  • Enforce multi-factor authentication and identity management requirements.
• Security Awareness & Training
  • Ensure users complete required security awareness and role-based training.
  • Provide system-specific security guidance to administrators and users.
• Coordination & Communication
  • Serve as the primary security liaison between the contractor, government ISSM, and system owners.
  • Support audits, inspections, and assessments by government or third-party assessors.
  • Brief leadership on system security posture and risk status.

Bachelor’s Degree or equivalent specialized experience in Information Technology or a degree in an information security related discipline.

• Bachelor’s Degree or equivalent specialized experience in Information Technology or a degree in an information security related discipline.

• Nessus
• CompTIA Security+

• Certified Information Systems Security Professional (CISSP)
• CompTIA Network+