Information System Security Officer

Overview

LMI is seeking an Information System Security Officer (Application) to support cybersecurity operations for the U.S. Army Center for Initial Military Training’s (CIMT) Holistic Health & Fitness Management System (H2

FMS). H2

FMS is a secure analytics environment operating in Army Gov Cloud that integrates the vendor-provided H2F data capture application with cloud hosting, data pipelines, machine-learning models, and user-facing dashboards.
This position requires the ability to obtain and maintain a Secret clearance. You must be a U.S. citizen.

The Application ISSO is responsible for supporting RMF and continuous ATO activities relating to application-level security, ensuring secure integration, secure software interfaces, application configuration compliance, and evidence collection for cybersecurity packages. This role works closely with the Senior ISSM, Dev Sec Ops  Engineers, Software Developers, Cloud team, Cyber Engineers, and Army AO/AODR stakeholders.

LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed.

Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government, efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors—helping agencies navigate complexity and outpace change. Headquartered in Tysons, Virginia, LMI is committed to delivering impactful results that strengthen missions and drive lasting value.

• Support application-focused RMF activities, including security control evidence gathering, testing, updates, and continuous monitoring.
• Assist in creating and maintaining application-level artifacts in the System Security Plan (SSP).
• Conduct application-level security control assessments and assist in POA&M updates.
• Validate secure integration between the vendor H2F application and H2
  
  FMS APIs, data services, and endpoints.
• Review application configurations for compliance with Army cybersecurity policy, STIGs, and Zero Trust requirements.
• Ensure encryption, access controls, and secure coding best practices are implemented and documented.
• Conduct vulnerability scanning, application security reviews, dependency checks, and static/dynamic testing.
• Work with Dev Sec Ops  to integrate automated scanning (SAST, SCA, container scans) into CI/CD pipelines.
• Document and track findings; support timely remediation activities.
• Review application logs, SIEM alerts, and API audit trails for anomalous activity.
• Assist in incident investigation, documentation, and response activities.
• Ensure application events meet continuous monitoring standards for cATO.
• Maintain application-level cybersecurity documentation and assist with audit preparation.
• Support generation of compliance reports, updates to RMF artifacts, and responses to cybersecurity inquiries.
• Collaborate with the ISSM to maintain a complete and accurate cybersecurity evidence package.
• Participate in sprint ceremonies, backlog refinement, and technical design discussions.
• Provide cybersecurity input on application features, user stories, and acceptance criteria.

• Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, Engineering, or related field.
• 3–6 years of cybersecurity experience, including supporting applications in secure environments.
• Familiarity with RMF, DISA STIGs, security controls, and continuous monitoring.
• Experience with application security practices (secure coding, API security, OWASP principles).
• DoW 8140 elevated privileges certification (Security+, CySA+, CCNA Security, etc.).
• Ability to obtain and maintain a Secret clearance. You must be a U.S. citizen.
• Location:
  
  Remote.
• Travel:
  Up to 1–2 trips per quarter to Fort Eustis, VA or LMI HQ in Tysons, VA.

• Experience supporting DoW software systems or cloud-hosted applications.
• Familiarity with Dev Sec Ops  tool chains and CI/CD security scanning.
• Experience supporting ATO or cATO packages.
• Experience with Army cybersecurity policy and governance.

Target salary range:$90,270 - $155,000

The salary range displayed represents the typical salary range for this position and is not a guarantee of compensation. Individual salaries are determined by various factors including, but not limited to location, internal equity, business considerations, client contract requirements, and candidate qualifications, such as education, experience, skills, and security clearances.