Information Systems Security Officer

Job Description

Job Description

Description:

We are seeking an Information Systems Security Officer (ISSO) – Subject Matter Expert to lead and execute cybersecurity compliance and operational security activities for classified enterprise systems. You will serve as a primary security authority for assigned systems, ensuring continuous compliance with RMF/ATO requirements, enforcing security controls, managing security documentation, supporting audits, and driving vulnerability remediation in coordination with engineering and operations teams.

Key Responsibilities

• Serve as the ISSO SME for assigned information systems, advising system owners and technical teams on security requirements, control implementation, and operational compliance.
• Lead RMF lifecycle activities: security categorization, control selection, implementation support, assessment coordination, ATO/ATO renewals, continuous monitoring, and POA&M management.
• Maintain and update system security documentation (SSP, SAP/SAR, control evidence, policies/procedures, network/data flow diagrams, inventory/artifacts, and assessment packages).
• Implement and sustain continuous monitoring: review security logs/alerts, validate control performance, manage monthly/quarterly security reporting, and ensure timely evidence collection.
• Coordinate and support internal/external security assessments, inspections, and audits; respond to Requests for Information (RFIs) and track corrective actions to closure.
• Drive vulnerability management: validate scan results, prioritize findings, coordinate patching and remediation, document risk decisions, and ensure compliance with timelines.
• Ensure security-relevant changes follow formal change/configuration management; review security impact, update artifacts, and participate in change control boards as needed.
• Support incident response activities: triage, containment guidance, evidence preservation, reporting, and post-incident corrective actions/lessons learned.
• Oversee account/access security processes: least privilege, privileged access oversight, periodic access reviews, account lifecycle controls, and audit support.
• Provide security engineering guidance for hardening, secure baseline configurations, STIG/SRG compliance, and secure system operations in classified environments.
• Collaborate with infrastructure, application, and operations teams to ensure security requirements are designed into solutions and sustained during operations.
• Mentor junior ISSOs/security analysts and contribute to standardization of security processes, templates, and playbooks.

Requirements:

Required

• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, Engineering, or related field (or equivalent experience).
• Active Top Secret clearance (required).
• 10+ years of cybersecurity experience with 5+ years performing ISSO (or equivalent) duties in regulated or classified environments.
• Deep expertise with NIST RMF (NIST SP 800-37), NIST SP 800-53 controls, and ATO package development/maintenance.
• Demonstrated experience supporting security control assessments, audit readiness, and continuous monitoring programs.
• Strong knowledge of vulnerability management practices (scanning, prioritization, remediation tracking, risk acceptance) and system hardening (STIG/SRG).
• Experience working with enterprise ITSM/ticketing processes for incident/request/change tracking and metrics.
• Strong written communication skills with proven ability to produce high-quality security documentation and brief technical/non-technical stakeholders.
• Ability to lead through influence, coordinate across multiple teams, and manage multiple concurrent priorities in high-tempo environments.

Preferred

• CISSP (highly preferred) or equivalent advanced security certification.
• CAP, CISM, GSLC, CCSP, or similar certifications.
• Experience with SIEM/log review workflows and security event triage processes.
• Familiarity with Windows/Linux security, virtualization, and database/platform security concepts.
• Experience supporting classified networks/enclaves and implementing secure operational procedures in restricted environments.
• ITIL Foundation (nice to have).