Information System Security Manager; ISSO

Company Overview

Hexagon US Federal is a proxy-governed subsidiary of Hexagon AB providing an ever expanding portfolio of Hexagon Technologies to U.S. Federal Government organizations, including defense and intelligence agencies to meet a variety of mission requirements. With our unique capabilities and experience we transform state-of-the-art commercial technology into mission-specific solutions for our customers, partnering with them to solve their most challenging problems.

Employees: 200

Operating Locations:
Chantilly, VA (HQ);
Huntsville, AL;
Lanham, MD, and other client sites across the US

As an Information System Security Officer at Hexagon US Federal, you will be expected to manage and oversee the cybersecurity risk management lifecycle of mission-critical, life-safety information systems across the DoD environment.

• Ensure that systems comply with DoD 8500-series directives, NIST SP 800-53 controls, and other applicable federal security requirements.
• Monitor and enforce compliance with established security methodologies across all phases of system operations.
• Create and maintain comprehensive policies and procedures that detail security controls and system boundaries.
• Identify, document, and manage system vulnerabilities and mitigation strategies in POA&Ms.
• Act as a liaison between cybersecurity and technical teams to interpret and implement security controls effectively.
• Support engineering teams in ensuring that security requirements are appropriately addressed throughout the system lifecycle.
• Collaborate with Authorizing Officials (AOs), Security Control Assessors (SCAs), and other key personnel throughout the Assessment and Authorization (A&A) process.
• Participate in Security Control Assessments (SCAs), accreditation meetings, and compliance briefings.
• Prepare and submit required security documentation and artifacts for internal and external audits.
• On-call Support and Maintenance:
  Periodically provide after-hours emergency support.
• Perform other tasks as directed.

• Enjoy managing system security and compliance in support of mission-critical environments.
• Possess a strong understanding of RMF and DoD cybersecurity policy (NIST SP 800-53, CNSSI 1253, DoDI 8510.01).
• Are a skilled communicator and can interface between technical staff and government stakeholders.
• Are highly organized and capable of maintaining comprehensive security documentation through various environments.
• Exhibit sound judgment and uphold high ethical standards.
• Work well in a team-based, geographically diverse environment.
• Can thrive in a fast-paced, ever-changing, scrum operations-based environment directly supporting our nation's public-safety infrastructure.

• Bachelor's degree in cybersecurity, information assurance, computer science, or a related field, with 5-8 years of experience in cybersecurity, information system security, or ISSO-related roles.
• Security+ certification is required; advanced certifications such as CISSP, CASP+, or CISM are strongly preferred.
• Demonstrated experience working within the Risk Management Framework (RMF), including control implementation, assessment, and authorization processes.
• Proficiency with key tools and platforms, including eMASS, STIGs/STIG Viewer, ACAS (Nessus/Tenable), and vulnerability scanning/assessment tools.
• Hands‑on experience leading or supporting NIST SP 800‑53 Rev 5 control implementation and tailoring activities to align with system requirements.
• Strong understanding of the Authorization to Operate (ATO) process, including the development and maintenance of Plan of Action and Milestones (POA&Ms) and other required RMF artifacts.
• In‑depth knowledge of eMASS package creation and lifecycle management, from system inception through decommissioning, is highly desirable.
• Familiarity with FedRAMP controls and cloud security frameworks (AWS, Azure, or hybrid cloud environments) is a plus.
• Understanding of mobile system accreditation processes, including policies and compliance requirements, is…