Information Systems Security Officer (ISSO), Java / Application Security

Torch.AI•Leawood, KS

About The Position

Torch.AI builds the AI Control Layer for the United States Government, providing foundational infrastructure that turns complex, multi-domain data into operational decision advantage. Their platform is accredited, deployed, and operating across enterprise clouds and tactical edge environments, supporting various defense operations including ISR, information advantage, joint effects, and force protection. In 2021, Torch.AI acquired The Data Tech Group (DTG), a trusted provider of mission-critical software and sustainment support. Torch.AI (DTG) plays a key role in supporting the Defense Information Systems Agency (DISA) Telecommunications Inventory and Billing Information (TIBI) program, which manages and reconciles telecommunications service inventory and associated billing data for DoD customers. This role offers the opportunity to lead and maintain the security posture of this mission-critical DISA system, working at the intersection of cybersecurity, compliance, and software delivery. The ISSO will play a central role in sustaining ATO accreditation, managing vulnerabilities, and shaping secure modernization efforts, partnering closely with both government stakeholders and engineering teams to ensure systems remain secure, compliant, and operationally effective. Torch.AI believes the government must own its data, decision environment, and reasoning infrastructure, and their capabilities increase the value of existing systems. The DTG team has over 20 years of experience providing DISA with excellent service quality. You'll join a team of engineers, data experts, veterans, and mission practitioners dedicated to delivering operational AI that runs in production. The company is fast-paced, entrepreneurial, and mission-driven, offering meaningful work with rapid deployment.

Requirements

Active Secret clearance (minimum).
U.S. citizenship required.
Active DoD 8570 IAT Level II or IAM Level II certification (e.g., Security+, CISSP, CISM, CAP).
Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field (or equivalent experience).
5+ years of experience as an ISSO supporting DoD or federal information systems.
Strong working knowledge of DoD Risk Management Framework (RMF).
Strong working knowledge of NIST 800-53 controls.
Strong working knowledge of STIG compliance and validation.
Experience with vulnerability management tools (ACAS/Nessus) and HBSS (ePO).
Experience managing ATO packages, POA&Ms, and accreditation artifacts.
Familiarity with DISA, CYBERCOM IAVAs, and federal cybersecurity compliance processes.
Experience developing technical documentation including system diagrams and security plans.
Strong understanding of access control models, auditing, and secure system design.
Strong analytical, organizational, and problem-solving skills.
Ability to manage multiple priorities in a high-tempo, compliance-driven environment.

Nice To Haves

Java development experience supporting backend services or secure application environments.
Experience working directly with engineering teams to implement secure development practices.
Familiarity with Oracle and SQL Server environments, including security configuration and auditing.
Experience supporting ICAM integration or identity/access management initiatives.
Experience supporting system modernization or migration efforts in secure environments.
Familiarity with ETL pipelines, data platforms, or data ingestion systems.
Experience supporting DoD, DISA, or Intelligence Community programs.
Experience operating in classified or cloud-isolated environments (e.g., C2S, SC2S).
Experience integrating security into CI/CD pipelines (DevSecOps practices).

Responsibilities

Maintain the security posture of TIBI systems in compliance with DoD and DISA cybersecurity requirements.
Lead and support Risk Management Framework (RMF) activities, including development, maintenance, and submission of ATO documentation.
Ensure compliance with NIST 800-53 controls, DISA STIGs (Oracle, SQL Server, OS-level), DISA CTO and INFOCON requirements.
Conduct and maintain STIG checklists, vulnerability tracking, and remediation activities.
Analyze and remediate vulnerabilities identified through ACAS (Nessus) and HBSS tools.
Manage POA&Ms, track remediation progress, and ensure timely resolution of findings.
Support CYBERCOM IAVA compliance through patching coordination and validation.
Generate and maintain cybersecurity reporting, including system status, patching, compliance posture, and risk tracking.
Audit access controls, user permissions, and data access patterns to ensure least-privilege enforcement.
Develop and maintain security documentation including System Security Plans (SSPs), Architecture and configuration diagrams, Incident Response Plans (IRPs), and Continuity of Operations Plans (COOPs).
Support incident response, investigation, and recovery activities as required.
Collaborate with ISSM and government stakeholders to respond to taskers, audits, and evolving cybersecurity requirements.
Develop and maintain system architecture diagrams, data flows, and interdependency mappings.
Document system configurations, dependencies, and operational workflows to support accreditation and sustainment.
Identify system risks and critical paths that impact security posture and operational continuity.
Support application-level security by collaborating with engineering teams on secure coding practices and remediation efforts.
Contribute to Java-based backend enhancements supporting long-term TIBI modernization (Java preferred).
Identify and propose modernization opportunities across architecture, data flows, and integration patterns.
Support data engineering tasks, including data transformation, ETL refinement, and performance optimization.
Configure and deploy Torch.AI data ingestion and orchestration capabilities to enhance TIBI workflows.
Collaborate closely with Torch.AI engineering teams to integrate modern data movement, semantic processing, and orchestration patterns.
Assist with integration testing, release validation, and troubleshooting in secure environments.
Support database-level security considerations including auditing, access control, and performance impacts of security controls.
Participate in system modernization efforts by identifying security implications of architectural changes.
Provide technical input to ensure modernization efforts align with compliance and accreditation requirements.
Coordinate with developers, system administrators, cybersecurity personnel, and program leadership.
Support release cycles, change management processes, and deployment readiness from a security perspective.
Ensure systems remain compliant across development, test, and production environments.
Maintain documentation, SOPs, and operational artifacts supporting secure system delivery.