Information System Security Officer (ISSO)
Peraton•Laurel, MD
•Onsite
About The Position
Peraton Labs is seeking a poly cleared Information System Security Officer (ISSO) for a mission-critical, highly complex High-Performance Computing (HPC) environment enabling research across multiple security domains. The ISSO will be responsible for day-to-day security operations aligned with the Risk Management Framework (RMF), driving continuous monitoring, maintaining Authority to Operate (ATO) posture, and partnering closely with subcontractor and customer personnel to ensure implementation and compliance. This position requires full-time, on-site work in Laurel, MD.
Requirements
- 6+ years of experience and a BS in computer science, IT, or related technical discipline, or MS and 4+ years of experience. Four years of additional experience is required in lieu of a Bachelors’ degree for a total of 10 years of experience
- 4+ years of experience supporting DoD/IC or government systems
- Hands-on experience executing RMF tasks and maintaining authorization artifacts (SSP, POA&Ms, continuous monitoring evidence)
- Strong working knowledge of NIST SP 800-53 controls and how they map to technical implementations and procedures
- Experience with vulnerability and configuration compliance workflows
- Familiarity with Linux-based enterprise environments and common hardening concepts
- Ability to communicate risk clearly to both technical engineers and non-technical leadership
- Strong documentation discipline
- Active TS/SCI security clearance with a current polygraph is required.
Nice To Haves
- Experience securing or assessing containerized workflows (e.g., container runtime hardening, image governance, supply chain considerations)
- Experience with eMASS (or comparable GRC tooling), security control inheritance models, and assessor engagement.
- Familiarity with vulnerability tooling and security monitoring concepts
- Active certifications such as: CISSP, CISM, CAP, GSLC, Security+, CCSP, etc.
- Experience with data protection requirements relevant to sensitive environments
Responsibilities
- Act as the ISSO supporting the system security lifecycle across development, operations, and modernization
- Execute and maintain RMF activities (e.g., control implementation oversight, evidence collection, assessment support, POA&M management, continuous monitoring)
- Maintain security authorization artifacts (e.g., SSP, control narratives, diagrams, inheritance/leverage controls, CM plan, incident handling plan, contingency artifacts, user/admin procedures)
- Operate continuous monitoring: vulnerability management, config compliance, patching coordination, scan result triage, risk acceptance, and remediation verification
- Review and approve security-relevant changes through configuration/change control and validate security configurations after major upgrades
- Support incident response and reporting: participate in investigations, coordinate containment actions, preserve evidence, and contribute to post-incident lessons learned
- Ensure least privilege/access governance: account management oversight, privileged access workflows, periodic access reviews, and audit compliance requirements
- Translate security requirements into implementation guidance that engineering teams can operationalize (clear, testable, and automatable where possible)
Benefits
- This position may be eligible for an increased sign-on bonus. Eligibility, bonus amount, and applicable terms and conditions will be discussed during the recruiting process.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
