Information System Security Officer (Applications)

Logistics Management Institute

12d•$90,270 - $155,000•Remote

About The Position

LMI is seeking an Information System Security Officer (Application) to support cybersecurity operations for the U.S. Army Center for Initial Military Training’s (CIMT) Holistic Health & Fitness Management System (H2FMS). H2FMS is a secure analytics environment operating in Army GovCloud that integrates the vendor-provided H2F data capture application with cloud hosting, data pipelines, machine-learning models, and user-facing dashboards. This position requires the ability to obtain and maintain a Secret clearance. You must be a U.S. citizen. The Application ISSO is responsible for supporting RMF and continuous ATO activities relating to application-level security, ensuring secure integration, secure software interfaces, application configuration compliance, and evidence collection for cybersecurity packages. This role works closely with the Senior ISSM, DevSecOps Engineers, Software Developers, Cloud team, Cyber Engineers, and Army AO/AODR stakeholders. LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed. Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government, efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors—helping agencies navigate complexity and outpace change. Headquartered in Tysons, Virginia, LMI is committed to delivering impactful results that strengthen missions and drive lasting value.

Requirements

Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, Engineering, or related field.
3–6 years of cybersecurity experience, including supporting applications in secure environments.
Familiarity with RMF, DISA STIGs, security controls, and continuous monitoring.
Experience with application security practices (secure coding, API security, OWASP principles).
DoW 8140 elevated privileges certification (Security+, CySA+, CCNA Security, etc.).
Ability to obtain and maintain a Secret clearance. You must be a U.S. citizen.

Nice To Haves

Experience supporting DoW software systems or cloud-hosted applications.
Familiarity with DevSecOps toolchains and CI/CD security scanning.
Experience supporting ATO or cATO packages.
Experience with Army cybersecurity policy and governance.

Responsibilities

Support application-focused RMF activities, including security control evidence gathering, testing, updates, and continuous monitoring.
Assist in creating and maintaining application-level artifacts in the System Security Plan (SSP).
Conduct application-level security control assessments and assist in POA&M updates.
Validate secure integration between the vendor H2F application and H2FMS APIs, data services, and endpoints.
Review application configurations for compliance with Army cybersecurity policy, STIGs, and Zero Trust requirements.
Ensure encryption, access controls, and secure coding best practices are implemented and documented.
Conduct vulnerability scanning, application security reviews, dependency checks, and static/dynamic testing.
Work with DevSecOps to integrate automated scanning (SAST, SCA, container scans) into CI/CD pipelines.
Document and track findings; support timely remediation activities.
Review application logs, SIEM alerts, and API audit trails for anomalous activity.
Assist in incident investigation, documentation, and response activities.
Ensure application events meet continuous monitoring standards for cATO.
Maintain application-level cybersecurity documentation and assist with audit preparation.
Support generation of compliance reports, updates to RMF artifacts, and responses to cybersecurity inquiries.
Collaborate with the ISSM to maintain a complete and accurate cybersecurity evidence package.
Participate in sprint ceremonies, backlog refinement, and technical design discussions.
Provide cybersecurity input on application features, user stories, and acceptance criteria.