Information System Security Officer (ISSO)

About The Position

Requirements

• Minimum of FIVE (5) years of experience in cybersecurity or information assurance.
• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• Demonstrated experience applying cybersecurity principles to operational systems.
• Active and maintained DoD or Federal Secret clearance.
• One or more relevant cybersecurity certifications (e.g., CISSP, CISM, Security+).
• Ability to work full time on site in Washington, DC.

Nice To Haves

• Experience with enterprise networking and security technologies, including firewalls, IDS/IPS, routers, switches, logging solutions, and endpoint security tools.
• Experience conducting risk assessments in cloud environments (AWS, Azure, Google Cloud).
• Strong written and verbal communication skills with the ability to communicate complex security concepts to non-technical stakeholders.
• Demonstrated ability to work independently and prioritize tasks in high-tempo environments.
• High Value Asset (HVA) assessment experience.

Responsibilities

• Design and implement technical security controls aligned with NIST RMF, NIST SP 800-53, and agency security architectures.
• Collaborate with system, network, and cloud architects to embed security requirements into system designs and architectures.
• Evaluate technical solutions for compliance with federal security standards and best practices.
• Support security testing, validation, and remediation of technical findings.
• Analyze vulnerability scan results and recommend engineered solutions to mitigate risk.
• Provide technical input to SSPs, diagrams, and architecture documentation.
• Support Assessment and Authorization (A&A) activities, including development and maintenance of System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
• Monitor and assess security controls to ensure continuous compliance with FISMA, OMB memoranda, and agency-specific GRC requirements.
• Review and evaluate disaster recovery and resilience capabilities, including backups, endpoint protection (EDR), web application firewalls (WAF), host-based firewalls, and application whitelisting.
• Conduct vulnerability assessments, password audits, malware detection, and intrusion monitoring.
• Review change management documentation to assess security impact across system lifecycle changes.
• Assess the security impact of system changes and new technologies.
• Support DevSecOps initiatives by integrating security controls into CI/CD pipelines where applicable.
• Author clear and concise risk narratives and briefings for government CISOs, Authorizing Officials, and external auditors.
• Support audits, inspections, and security assessments by internal and external stakeholders.

Benefits

• Medical, Rx, Dental & Vision Insurance
• Personal and Family Sick Time & Company Paid Holidays
• Position may be eligible for a discretionary variable incentive bonus
• Parental Leave and Adoption Assistance
• 401(k) Retirement Plan
• Basic Life & Supplemental Life
• Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
• Short-Term & Long-Term Disability
• Student Loan PayDown
• Tuition Reimbursement, Personal Development & Learning Opportunities
• Skills Development & Certifications
• Employee Referral Program
• Corporate Sponsored Events & Community Outreach
• Emergency Back-Up Childcare Program
• Mobility Stipend