Information System Security Officer, (ISSO) IT Security Services Manager, (Clearance TS SCI w/Poly) Annapolis Junction, MD

About The Position

Requirements

• Active TS/SCI with Polygraph (current and adjudicated)
• DoD 8570 IAT Level II certification: Security+ CE or higher (SSCP, GSEC, CCNA Security, etc.)
• 5+ years of experience administering classified information systems
• 3+ years as a named ISSO supporting IC systems
• Expertise with RMF (NIST SP 800‑37/800‑53) and IC/DoD security directives, DIACAP processes
• Experience with vulnerability assessment tools, SIEM/log analysis, patch management, configuration hardening, and CM tools/processes
• Strong communication skills with experience briefing technical and non‑technical stakeholders
• U.S. Citizenship required

Nice To Haves

• CISSP, CAP, CISSP‑ISSMP, or equivalent advanced certifications
• Prior IC program support within classified environments
• Experience securing classified cloud environments, cross‑domain solutions, PKI, and cryptographic handling policies
• Familiarity with DevSecOps practices in classified enclaves
• Bachelor’s degree in Cybersecurity, Computer Science, Information Assurance, or related field preferred; equivalent education or related experience acceptable.

Responsibilities

• Serve as the designated ISSO and primary point of contact for assigned IC/DoD mission systems, owning system security posture, assignment of security technical implementation guides (STIGs), RMF/accreditation activities, and coordination with Government stakeholders (Authorizing Officials, Security Control Assessors, ISSMs, and external auditors).
• Manage configuration management processes to ensure integrity, traceability, and secure state of system baselines and authorized changes throughout the system lifecycle.
• Develop, maintain, and manage RMF accreditation documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessment Reports (RARs), Plans of Action & Milestones (POA&Ms), and Interconnection Security Agreements (ISAs).
• Execute continuous monitoring activities—vulnerability scanning, patch/configuration management, baseline assurance, and log/telemetry analysis—and coordinate remediation to mitigate risk.
• Plan and coordinate security control assessments, compliance inspections, and audits; manage remediation tracking, risk acceptance, and engagement with Authorizing Officials to achieve and maintain Authority to Operate (ATO).
• Develop, implement, and exercise Incident Response Plans (IRPs); lead incident triage, containment, recovery, reporting, and root‑cause analysis in accordance with IC and DoD policy.
• Provide technical guidance on secure system design, hardening, boundary protections, data handling, and cryptographic/COMSEC considerations.
• Advise leadership and stakeholders on system risk posture, emerging threats, and recommended mitigation strategies; prepare concise security briefings and reports.
• Develop and deliver security training and awareness materials for system users, administrators, and engineering teams.
• Maintain currency on evolving IC and DoD cyber security standards, threats, and best practices.

Benefits

• Health & Wellbeing We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.
• Personal & Professional Development We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.
• Unconditional Inclusion We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.