Information System Security Officer (ISSO)

Lockheed Martin•Colorado Springs, CO

1d•Onsite

About The Position

Lockheed Martin is a cybersecurity pioneer, partner, innovator and builder. Our amazing employees are on a mission to make a difference in the world and every single day we use our unique skills and experiences to create, design and build solutions to some of the worlds’ hardest engineering problems. We provide the resources, inspiration and focus – if you have the passion and courage to dream big, then we want to build a better tomorrow with you. At Lockheed Martin Rotary and Mission Systems (RMS), we are driven by innovation and integrity. We believe that by applying the highest standards of business ethics and visionary thinking, everything is within our reach – and yours as a Lockheed Martin employee. Lockheed Martin values your skills, training and education. Come and experience your future! We are looking for a cybersecurity SME to join the RMS Classified Cyber Security (CCS) team. This exciting opportunity is located in Colorado Springs, CO and will support multiple Department of Defense (DoD) programs. The candidate will ensure compliance through the implementation of mandatory information system security requirements on assigned information systems utilizing various government guidance publications (e.g., NISPOM, DoD 8500 series, NIST, CNSSI, DAAG, etc.) in support of development and operations. The work that our CCS Professionals do can be summarized in this way: You will have a direct impact to national security, ultimately contributing to protecting your loved ones – this is dynamic, gratifying and impactful work! You will have the opportunity to engage in all aspects of the cyber discipline within our large organization & portfolio, often getting exposure to many projects You will be a part of a company widely recognized as a top employer and ranked #38 on Forbes "2025 World’s Best Employers" You will have an opportunity to make a difference in your first year by: Coordinating and managing interactions with government partners to facilitate and maintain 100% active status of all Authorizations to Operate. Overseeing technical administration of information system in accordance with internal LM and customer security requirements, primarily Risk Management Framework (RMF) to include Continuous Monitoring, Plan of Action and Milestones (POA&M), and Change Management. Developing and implementing government-approved information system security procedures and system security plans for the operation of networked and standalone classified systems. Communicating, implementing, and managing a formal cybersecurity program Overseeing and conducting risk assessments on cybersecurity architecture and perform comprehensive investigations of computer security incidents, collaborating with outside agencies as required.

Requirements

Active Secret security clearance.
DoD 8570/8140 IAT Level II certification (e.g., Security+ CE, CySA+, CCNA Security, CND).
Proven hands on experience with industry standard cybersecurity tools, including vulnerability scanners (e.g., Tenable), Security Incident and Event Management (SIEM) and auditing platforms (e.g., Splunk), endpoint protection solutions (e.g., Trellix), and package submission tools (e.g., eMASS, XACTA)
Demonstrated ability to lead the Risk Management Framework (RMF) process to secure Authorizations to Operate (ATO), encompassing Defense Counterintelligence and Security Agency (DCSA) authorizations.
Strong technical root cause analysis skills with a track record of developing corrective actions, policies, and procedures to resolve discrepancies.
Experience conducting risk and vulnerability assessments in line with applicable regulations, such as the DCSA Assessment and Authorization Guide (DAAG), National Industrial Security Program Operating Manual (NISPOM), NIST Special Publication (SP) 800-53, and various DISA Security Technical Implementation Guides (STIGs)

Nice To Haves

DoD 8570/8140 IAM Level II certification (e.g., CISSP, CISM, CASP+/SecurityX).
Experience with the Command, Control, Battle Management, and Communications (C2BMC) program.
Proven track record of deploying and integrating complex, multi‑classification technologies across large‑scale, enterprise‑wide environments.
Network device administration experience to include security best practices and monitoring of firewall, routers, and switches.
Strong background in Agile and DevSecOps methodologies and associated toolsets (e.g., JIRA, Confluence, Docker, Ansible, Git).
In‑depth knowledge of the NISPOM and the DAAG.
Familiarity with key security frameworks and guidelines, including the Joint Special Access Program (JSIG) Implementation Guide, CNSSI 1253, and NIST SP 800‑37 (Risk Management Framework)
Bachelor’s degree from an accredited institution in a relevant discipline, supplemented by 8 + years of professional experience in the field.

Responsibilities

Coordinating and managing interactions with government partners to facilitate and maintain 100% active status of all Authorizations to Operate.
Overseeing technical administration of information system in accordance with internal LM and customer security requirements, primarily Risk Management Framework (RMF) to include Continuous Monitoring, Plan of Action and Milestones (POA&M), and Change Management.
Developing and implementing government-approved information system security procedures and system security plans for the operation of networked and standalone classified systems.
Communicating, implementing, and managing a formal cybersecurity program
Overseeing and conducting risk assessments on cybersecurity architecture and perform comprehensive investigations of computer security incidents, collaborating with outside agencies as required.
Ensure configuration management (CM) for security-relevant software, hardware, and firmware.
Assist and conduct cybersecurity education and training.
Assist in conducting investigations of computer security violations and incidents.
Handling mission requirements which may drive unpredictable work hours/schedules
Working in a high paced environment driven by growing and ever-changing technical implementation requirements

Benefits

flexible schedules
competitive pay
comprehensive benefits
Medical
Dental
Vision
Life Insurance
Short-Term Disability
Long-Term Disability
401(k) match
Flexible Spending Accounts
EAP
Education Assistance
Parental Leave
Paid time off
Holidays
accrue at least 10 hours per month of Paid Time Off (PTO) to be used for incidental absences and other reasons
receive at least 90 hours for holidays (Non-represented full-time employees)
accrue 6.67 hours of Vacation per month (Represented full time employees)
accrue up to 52 hours of sick leave annually (Represented full time employees)
receive at least 96 hours for holidays (Represented full time employees)
incentive plan eligible