Information System Security Officer (ISSO)

Leidos•Lorton, VA

4d•$107,900 - $195,050•Onsite

About The Position

The Defense Sector at Leidos is looking for an Information Systems Security Officer (ISSO) to support a fast-paced program with the Air Force Life Cycle Management Center. This role involves supporting the delivery of comprehensive IT and support services to ensure mission success while adhering to DoD standards and regulations. The ISSO will oversee the cybersecurity posture of DoD information systems, ensuring compliance with DoD security standards and protecting sensitive data. The ISSO will develop and implement security policies, conduct risk assessments, manage system accreditations (RMF), and lead continuous monitoring efforts. This role requires collaboration with cross-functional teams to enforce security controls and manage continuous monitoring. The ISSO will also maintain security documentation and ensure ongoing compliance with applicable regulations. The ISSO will be expected to be proficient technically & to perform hands-on cybersecurity tasks. Why This Role Matters: Security and compliance in defense-sector classified networks have long lived in a structural paradox: the processes designed to protect mission software are the same processes that slow it down. Manual authorization cycles. Point-in-time snapshots. Documentation that proves intent but not execution. Every program team re-solves the same compliance problems. Every platform that wants to help them must run the gauntlet first. What you'll bring to the fight isn't a workaround to this problem. It's a better process: facilitating a continuous ATO through real-time monitoring and dashboards that provide single pane of glass visibility into control compliance, zero-trust built-in to system design from day one, continuous evidence that gives auditors real-time proof instead of point-in-time packages, and an ATO that program teams can inherit rather than pursue. The result is a security posture that's stronger than manual review, stricter, and more consistent. You are here to provide the foundational cybersecurity policy and processes that the program can scale and replicate across multiple environments. Who You Are: You are a cybersecurity professional who sees security as a mission enabler, not a roadblock. You thrive in complex DoD environments and enjoy solving difficult security challenges while balancing operational requirements, compliance obligations, and mission success. You are equally comfortable discussing risk with senior leaders, collaborating with engineers on technical solutions, and independently driving initiatives from concept to implementation. You don't wait to be told what needs to be done, you identify gaps, develop solutions, and take ownership of outcomes.

Requirements

US Citizen with at least an active Top Secret security clearance with the ability to obtain a SCI prior to your start date.
Bachelor’s degree with 8+ years of experience or a Master’s degree with 6+ years of experience. Additional experience may be considered in lieu of a degree.
In-depth knowledge of DoD cybersecurity policies, frameworks, and compliance standards (e.g., NIST 800-53, RMF, FISMA, ICD 503/705, JSIG, DAAPM).
Must have a DoD 8140 Intermediate certification (e.g. Cloud+, Security+, etc.).
Experience with system security engineering, risk management, and vulnerability assessments.
Strong understanding of network security, security controls, and common cybersecurity tools (e.g., firewalls, IDS/IPS, SIEM, endpoint protection).
Ability to work independently and collaborate effectively with cross-functional teams.
Strong communication skills, including the ability to create and present detailed security reports to stakeholders.
Interest in continuous learning and professional development in cybersecurity

Nice To Haves

US Citizen with an active TS/SCI security clearance.
DoD 8140 Advanced certification e.g. CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), etc.
Experience with JSIG implementation of the Risk Management Framework (RMF) for DoD system accreditations and continuous monitoring processes.
Experience in managing security for complex DoD programs or mission-critical systems.
Familiarity with cloud security practices and systems, particularly in a hybrid or government cloud environment.
Experience with security tools for vulnerability scanning, penetration testing, and security auditing.
Cloud security certifications (e.g. Azure Security Technologies or AWS Certified Security Specialty).
Experience with configuration management and change management processes in a secure environment.

Responsibilities

Collaborate daily with the ISSM to provide expert cybersecurity guidance and recommendations.
Support the development, implementation, and maintenance of security policies, procedures, and documentation to ensure compliance with DoD security standards and regulations (e.g., NIST, RMF, FISMA, JSIG).
Oversee the security posture of DoD information systems, ensuring they meet cybersecurity requirements for confidentiality, integrity, and availability.
Perform risk assessments, vulnerability assessments, and security audits to identify system vulnerabilities and provide remediation strategies.
Manage and conduct continuous monitoring of security controls, ensuring the protection of classified and unclassified data.
Coordinate with cross-functional teams (engineering, IT, operations) to implement and enforce security protocols and best practices.
Ensure the accreditation process for DoD systems (e.g., RMF accreditation) is completed and continually maintained in compliance with all applicable requirements.
Act as the primary point of contact for security-related issues, assisting in incident response and reporting to senior management and government customers.
Provide security training and awareness programs for personnel involved in the operation of DoD systems.
Maintain and track security documentation, including system security plans (SSPs), risk assessments, and Plan of Actions & Milestones (POA&Ms).
Stay current with emerging cybersecurity threats, vulnerabilities, and trends to ensure the program adapts to evolving security challenges.