Cleared On Site Information Systems Security Officers (ISSO) (5359)

About The Position

Requirements

• Active TS/SCI clearance required
• Minimum of 8 years of professional experience supporting cybersecurity, information assurance, RMF, or information system security activities
• Demonstrated experience serving as an ISSO, ISSM support resource, cybersecurity lead, or senior security practitioner within a federal environment
• Extensive experience supporting Risk Management Framework (RMF) activities and Authorization to Operate (ATO) processes
• Experience developing and maintaining SSPs, POA&Ms, Security Assessment Plans, authorization artifacts, and related security documentation
• Strong knowledge of NIST 800-53, NIST 800-37, FISMA, and federal cybersecurity requirements
• Experience implementing, assessing, and maintaining security controls across enterprise information systems
• Experience supporting continuous monitoring programs, vulnerability management, and compliance initiatives
• Experience evaluating system security risks and developing risk-based mitigation strategies
• Experience supporting audits, assessments, inspections, and compliance reviews
• Strong understanding of access control management, security documentation, risk assessment, and security operations
• Strong analytical, troubleshooting, and problem-solving skills
• Ability to communicate technical security concepts to technical and non-technical audiences
• Strong written and verbal communication skills
• Ability to work independently while managing multiple priorities and supporting complex security initiatives

Nice To Haves

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or related field
• Advanced degree preferred
• Experience supporting federal government, law enforcement, intelligence community, or national security programs
• Experience supporting cloud environments and cloud security compliance requirements
• Experience supporting Governance, Risk, and Compliance (GRC) platforms and security workflow management solutions
• Familiarity with enterprise cybersecurity tools including: Splunk, Tenable Nessus, Security Center, SIEM Platforms, Vulnerability Management Tools, Endpoint Detection and Response (EDR) Solutions
• Experience supporting Zero Trust initiatives and cybersecurity modernization efforts
• Familiarity with Agile delivery methodologies and DevSecOps practices
• One or more of the following certifications preferred: CISSP, CAP (Certified Authorization Professional), CISM, CASP+, CCSP, Security+, GSEC
• Other relevant cybersecurity certifications
• Experience supervising, mentoring, or leading cybersecurity teams preferred

Responsibilities

• Serve as the principal security advisor to System Owners (SOs), Business Process Owners, ISSMs, and program leadership on matters related to information system security
• Lead implementation, maintenance, and continuous improvement of security controls across enterprise systems and applications
• Direct and coordinate RMF activities including system categorization, control implementation, security assessments, authorization activities, and continuous monitoring
• Develop, review, and maintain System Security Plans (SSPs), POA&Ms, Security Assessment Plans, security procedures, and related authorization documentation
• Evaluate system security posture and recommend corrective actions to address risks, vulnerabilities, and compliance deficiencies
• Lead security reviews and assessments to validate implementation and effectiveness of security controls
• Coordinate with engineers, system administrators, developers, and government stakeholders to ensure security requirements are integrated throughout the system lifecycle
• Support Authorization to Operate (ATO) activities and ongoing authorization maintenance efforts
• Direct vulnerability management activities including identification, remediation tracking, risk assessment, and validation of corrective actions
• Review and validate access control implementations, privileged account management, hardware inventories, software inventories, and security configurations
• Develop security reports, dashboards, metrics, and recommendations for government leadership
• Support audit activities, compliance reviews, inspections, and security assessments conducted by internal and external organizations
• Provide guidance regarding physical and logical protection of information system assets
• Evaluate security program effectiveness and recommend improvements to policies, procedures, and operational practices
• Support incident response, security investigations, and remediation activities as required
• Lead major security initiatives and provide mentorship and guidance to junior cybersecurity personnel
• Advise leadership on emerging threats, cybersecurity risks, and security modernization opportunities

Benefits

• health insurance
• paid leave
• retirement