Senior Information Systems Security Officer

Job

Location: Springfield, VA, US

Date Posted:

Category: Cyber

Subcategory: Cyber Engineer

Schedule: Full-Time

Shift: Day Job

Travel: Yes - 10% of the time

Minimum Clearance Required:

Clearance Level Must Be Able to Obtain: TS/SCI

Potential for Remote Work: _SITE

Description

SAIC is seeking a motivated and skilled Senior Information Systems Security Officer (ISSO) to support cybersecurity and compliance activities for mission-critical IT systems on the MAJESTIC Joint Program Office (JPO) Team. In this role, the ISSO will be responsible for implementing, managing, and assessing system security controls to ensure compliance with government regulations, standards, and best practices, including NIST 800-53, RMF, and other federal security policies.

The ideal candidate will work closely with system owners, administrators, and cross-functional security teams to assess risks, maintain security postures, and ensure the confidentiality, integrity, and availability of information systems that support the mission. This role requires on-site support in Springfield, VA.

Key Responsibilities:

• Ensure compliance with Risk Management Framework (RMF) requirements by developing, maintaining, and assessing system security artifacts, including System Security Plans (SSPs), POA&Ms, and applicable policies and procedures.
• Implement and validate security controls in alignment with NIST 800-53, associated overlays, and system-specific requirements.
• Support the Accreditation and Authorization (A&A) process, including preparing documentation and achieving and maintaining system Authority to Operate (ATO) status.
• Conduct risk assessments and vulnerability analysis, identify potential threats and weaknesses, and provide recommendations for mitigation.
• Work with IT teams to implement system hardening for platforms, applications, and networks in compliance with DISA STIGs and cybersecurity best practices.
• Perform continuous monitoring of systems using tools such as Splunk, ACAS, or Solar Winds, ensuring real-time threat detection, event notifications, and security compliance validation.
• Collaborate with cross-functional teams, including system administrators, developers, and ISSMs, to address security risks, system vulnerabilities, and security incidents.
• Support incident response activities by conducting forensic analysis, generating reports, and coordinating efforts to remediate and recover from security events.
• Provide cybersecurity awareness training for users and team members to ensure adherence to organizational security requirements and best practices.
• Prepare and deliver security status updates, risk reports, and briefings to senior stakeholders and leadership.
• Develop and maintain system documentation, including security control implementation descriptions, policies, and SOPs.

Qualifications

Required Qualifications:

Education:

• Bachelor's Degree

Certifications (CWF Requirements):

• Candidates must satisfy Cybersecurity Workforce Framework (CWF) (Cyber Defense Analyst) or 531 (Cyber Defense Auditor, Intermediate Level) requirements, as outlined by Navy COOL .
  This requirement can be met by possessing one or more of the following qualifying certifications:
• Certified Ethical Hacker (CEH/Practical)
• CompTIA Cloud+
• CompTIA Pen Test+
• CompTIA Security+
• Federal IT Security Professional-Operator-NG (FITSP-O)
• GIAC Certified Enterprise Defender (GCED)
• GIAC Continuous Monitoring Certification (GMON)
• GIAC Defensible Security Architecture (GDSA)
• GIAC Response and Industrial Defense (GRID)
• GIAC Security Essentials Certification (GSEC)
• GIAC Certified Incident Handler (GCIH)
• GIAC Security Essentials Certification (GSEC)
• Rocheston Certified Cybersecurity Engineer (RCCE) Level 1
• Certified Cloud Security Professional (CCSP)
• Cisco Certified Network Associate (CCNA) Cybersecurity (formerly Cisco Cybersecurity Associate)
• EC-Council Certified Incident Handler (ECIH)
• Federal IT Security Professional-Operator-NG (FITSP-O)

OR This requirement can be met through:

• A Bachelor's Degree in Cybersecurity, Computer Science, IT, or a related field.

Experience:

• 2-5 years of professional experience managing and supporting enterprise-level IT environments.

Technical Skills:

• Deep understanding of security frameworks, including NIST 800-53, RMF, and/or DoD 8510.01.
• Experience developing and maintaining System Security Plans (SSPs) and managing POA&Ms for compliance and audit purposes.
• Proficiency with vulnerability scanning tools and security analysis platforms, such as Nessus, ACAS, or Qualys.
• Knowledge of security controls implementation and system hardening using DISA STIGs or CIS Benchmarks for platforms and network-enabled devices.
• Familiarity with monitoring tools such as Splunk, Solar Winds, or other SIEM solutions for proactive security monitoring and incident management.
• Strong understanding of Windows Server and Active Directory security, including account policy configurations and group policy enforcement.
• Basic knowledge of Red Hat Enterprise Linux (RHEL) for security configurations and patching.
• General…