Information System Security Officer (ISSO) - TS/SCI with Polygraph
About The Position
GDIT is seeking a highly skilled and multi-faceted Information System Security Officer (ISSO) for a critical contract role supporting a commercial cloud service provider's mission-critical systems. This position requires the employee to report full time on site in McLean, VA. The ideal candidate is a proactive and seasoned professional with extensive, hands-on experience navigating the FedRAMP, DoW Impact Level 6 (IL6), and Risk Management Framework (RMF) requirements for classified commercial cloud services and cross domain solutions. This role requires a unique blend of technical engineering prowess, security assessment and auditing skills, deep expertise in continuous monitoring, and the polish to communicate risk to executive leadership. You will be a key contributor to our Governance, Risk, and Compliance (GRC) program, supporting the Information System Security Manager (ISSM) and ISSO Lead in ensuring the unyielding security and integrity of mission-critical systems. The ISSO will support the following key areas - RMF & Assessment and Authorization (A&A) Security Engineering & System Hardening Security Control Assessor (SCA) & Auditing Continuous Monitoring & GRC Additionally, the ISSO will - Support Assessment & Authorization (A&A) execution for classified commercial cloud service offerings, and Cross Domain Solutions (CDS) as needed, through the entire respective FedRAMP/DoW IL6 and/or RMF lifecycles to obtain and maintain the applicable authorizations. Assist in maintaining a comprehensive body of evidence for A&A packages. Support the monthly and overall FedRAMP/DoW IL6, DoW CDS as needed, and IC Continuous Monitoring requirements. Work with security engineering to proactively identify and assess vulnerabilities related to scans, STIGs, security controls, etc. Support assessment preparation for security control audits, traditional security reviews, and formal inspections, including preparing for and executing FedRAMP/IL6 third-party assessment organization (3PAO) assessments, DoW CDS assessments as needed, and IC assessments. (Potential to support DCSA classified space assessments.) Meticulously review artifacts, logs, and system configurations to ensure they provide sufficient evidence of compliance. Coordinate and/or participate in security testing and penetration testing activities to provide an independent validation of the system's security posture.
Requirements
- Security clearance level: Must possess a current and active TS/SCI with Polygraph.
- Certifications: Must be DoW 8140 / 8570.01-M compliant
- Education: BA/BS Degree or equivalent experience in lieu of degree
- Experience: 5+ years of related experience
- Technical skills: Expert-level knowledge of the complete NIST SP 800 series (especially 800-37, 800-53, 800-30) and risk management principles.
- Progressive experience in information assurance and cybersecurity roles.
- Direct, hands-on experience as an ISSO or ISSM, with a proven track record of successfully supporting ATO for classified systems under IL6, DoW RMF, and/or ICD 503 policies.
- Extensive, hands-on experience navigating the FedRAMP, DoW Impact Level 6 (IL6), and Risk Management Framework (RMF) requirements for classified commercial cloud services and cross domain solutions.
- Location: Onsite in McLean, VA
Nice To Haves
- Certifications: CISSP (Certified Information Systems Security Professional)
Responsibilities
- Support Assessment & Authorization (A&A) execution for classified commercial cloud service offerings, and Cross Domain Solutions (CDS) as needed, through the entire respective FedRAMP/DoW IL6 and/or RMF lifecycles to obtain and maintain the applicable authorizations.
- Assist in maintaining a comprehensive body of evidence for A&A packages.
- Support the monthly and overall FedRAMP/DoW IL6, DoW CDS as needed, and IC Continuous Monitoring requirements.
- Work with security engineering to proactively identify and assess vulnerabilities related to scans, STIGs, security controls, etc.
- Support assessment preparation for security control audits, traditional security reviews, and formal inspections, including preparing for and executing FedRAMP/IL6 third-party assessment organization (3PAO) assessments, DoW CDS assessments as needed, and IC assessments. (Potential to support DCSA classified space assessments.)
- Meticulously review artifacts, logs, and system configurations to ensure they provide sufficient evidence of compliance.
- Coordinate and/or participate in security testing and penetration testing activities to provide an independent validation of the system's security posture.
Benefits
- Comprehensive benefits and wellness packages
- 401K with company match
- Competitive pay and paid time off
- Full flex work weeks where possible
- Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
- Short and long-term disability benefits
- Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
