Information System Security Officer

Credence•Huntsville, AL

15h

About The Position

Join a team where innovation meets mission. Our AI, cloud, cyber, and modernization solutions save agencies thousands of hours, safeguard national security, and strengthen health and humanitarian missions worldwide. With 1,700+ team members, 1,500+ AI/data experts, and 100+ prime contracts, we deliver at scale and with purpose. We’ve been recognized as a Top Workplace by the Washington Post for six straight years and named to the Inc. 5000 Fastest Growing Private Companies 13 of the past 14 years. Credence is a welcoming home for those looking to grow and contribute to positive change. We encourage all employees to expand beyond their boundaries, dive into important world-changing Federal challenges. Credence has a pending need for Information System Security Officers (ISSO) at multiple levels (Jr./Mid/Sr.) to support our work at various locations slated to begin mid-summer 2026. The ISSO plays a critical role in ensuring the confidentiality, integrity, and availability of information systems within an organization. Acting as the primary liaison between system owners and cybersecurity stakeholders, the ISSO is responsible for implementing and maintaining security frameworks, continuous monitoring practices, and incident response procedures to safeguard sensitive data and support mission-critical operations.

Requirements

An active Top-Secret clearance is required
Experience can range from 2 to 12+ years (experience requirement will vary depending on the level: Jr./Mid/Sr.)
Holds one (or more) of these Certifications: Certified Information Systems Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP), Certified Secure Software Lifecycle Professional (CSSLP) (CISSP Special Focus) Information System Security Engineering Professional (ISSEP) (CISSP Special Focus) Information System Security Architecture Professional (ISSAP) Similar or comparable security focused certifications
Proven experience with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications.

Responsibilities

Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS
Provide liaison support between the system owner and other IS security personnel
Ensure that selected security controls are implemented and operating as intended during all phases of the IS lifecycle
Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis
Conduct required IS vulnerability scans according to risk assessment parameters
Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
Manage the risks to ISs and other customer assets by coordinating appropriate correction or mitigation actions, and oversee and track the timely completion of POAMs
Coordinate system owner concurrence for correction or mitigation actions
Monitor security controls for our customer's ISs to maintain Authorization to Operate (ATO)
Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase
Ensure that changes to the IS, it's environment, and/or operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM)
Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner, ISSM, and ISSR