Information System Security Officer (ISSO)
About The Position
We are seeking an Information System Security Officer (ISSO) to support our federal government customer. The ISSO is responsible for ensuring the secure configuration, operation, and compliance of information systems (IS) within federal government environments. The ISSO plays a critical role in supporting the Risk Management Framework (RMF) lifecycle, maintaining Authority to Operate (ATO) status, and enforcing cybersecurity policies, procedures, and controls in accordance with NIST, FISMA, and agency-specific standards. This is a hybrid remote position based in the Washington, D.C., Maryland, Virginia (DMV) area that will require some onsite work at the customer’s location. This position is contingent on contract award.
Requirements
- 5–7 years of progressive experience in cybersecurity compliance and systems security in the federal government or DoD sector.
- Deep understanding of:
- - NIST SP 800 53, 800 171 , and Risk Management Framework (RMF).
- - FedRAMP High and CMMC 2.0 Level 2/3 compliance requirements.
- - POA&M management, vulnerability management tools (e.g., Tenable.sc, Nessus), and audit support.
- Hands-on experience with:
- - AWS GovCloud/Azure Government security configurations.
- - Secure enclave architecture, boundary defense, incident response, and continuous monitoring.
- Strong familiarity with ACAS, eMASS, HBSS, STIG Viewer, and SCAP compliance tools.
- Excellent verbal and written communication skills.
- Previous experience working at a federal government agency preferred.
- Ability to pass required Federal background screening / security check including basic and expanded investigations.
- Ability to obtain and maintain both government clearance and customer approval.
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
Nice To Haves
- Previous experience working at a federal government agency preferred.
- Professional Certifications: - CISSP, CAP, or CISM strongly preferred.
Responsibilities
- Serve as the primary cybersecurity point of contact for assigned information systems.
- Implement and manage security controls and procedures in accordance with NIST SP 800-53, NIST SP 800-37, and the agency’s cybersecurity framework.
- Support the system lifecycle (RMF Steps 1–6), including: System categorization; Security control selection and implementation; Security assessment preparation; POA&M tracking and remediation; Continuous Monitoring (ConMon).
- Coordinate and prepare system documentation including: System Security Plan (SSP); Security Assessment Report (SAR); Risk Assessment Reports (RAR); Incident Response Plans (IRP).
- Conduct regular security reviews, vulnerability assessments, STIG compliance checks, and audit log reviews.
- Collaborate with system owners, developers, and operations staff to ensure security is integrated into IT projects and daily operations.
- Monitor, track, and report cybersecurity metrics and compliance status to the ISSM, CISO, or agency stakeholders.
- Manage user access reviews, account recertification, and system-level security awareness training.
- Support incident response and investigation efforts when cybersecurity events are detected.
- Coordinate with external assessors, auditors, and the agency's Authorizing Official (AO) during security evaluations.
Benefits
- healthcare benefits (Medical, Dental, Vision)
- Basic Life Insurance
- Short-Term Disability
- Long-Term Disability
- 401(k)
- Flexible Spending Account
- EAP
- Education Reimbursement
- Paid Time Off
- Holidays
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
