Information Systems Security Officer (ISSO), Java / Application Security

Torch.AI•Leawood, KS

19h•Onsite

About The Position

Torch.AI builds the AI Control Layer for the United States Government, providing foundational infrastructure that transforms complex, multi-domain data into operational decision advantage. Their platform is accredited, deployed, and operates across enterprise clouds and tactical edge environments, supporting various functions like billing, reporting, multi-INT fusion, predictive movement analysis, and decision support for cross-domain operations. In 2021, Torch.AI acquired The Data Tech Group (DTG), a provider of mission-critical software and sustainment support. Torch.AI (DTG) is crucial in supporting the Defense Information Systems Agency (DISA) Telecommunications Inventory and Billing Information (TIBI) program, which manages and reconciles telecommunications service inventory and billing data for DoW customers. This role involves leading and maintaining the security posture of this mission-critical DISA system, focusing on cybersecurity, compliance, and software delivery. The successful candidate will be central to sustaining ATO accreditation, managing vulnerabilities, and guiding secure modernization efforts, collaborating with government stakeholders and engineering teams to ensure system security, compliance, and operational effectiveness. Torch.AI (DTG) emphasizes that the government should own its data and decision infrastructure, enhancing existing systems rather than replacing them. The team, with over 20 years of experience with DISA, is composed of engineers, data experts, veterans, and mission practitioners dedicated to delivering operational AI rapidly and at scale. The environment is fast-paced, entrepreneurial, and mission-driven, offering meaningful work with quick deployment cycles.

Requirements

Active Secret clearance (minimum).
U.S. citizenship required.
Active DoD 8570 IAT Level II or IAM Level II certification (e.g., Security+, CISSP, CISM, CAP).
Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field (or equivalent experience).
5+ years of experience as an ISSO supporting DoD or federal information systems.
Strong working knowledge of: DoD Risk Management Framework (RMF).
Strong working knowledge of: NIST 800-53 controls.
Strong working knowledge of: STIG compliance and validation.
Experience with vulnerability management tools (ACAS/Nessus) and HBSS (ePO).
Experience managing ATO packages, POA&Ms, and accreditation artifacts.
Familiarity with DISA, CYBERCOM IAVAs, and federal cybersecurity compliance processes.
Experience developing technical documentation including system diagrams and security plans.
Strong understanding of access control models, auditing, and secure system design.
Strong analytical, organizational, and problem-solving skills.
Ability to manage multiple priorities in a high-tempo, compliance-driven environment.

Nice To Haves

Java development experience supporting backend services or secure application environments.
Experience working directly with engineering teams to implement secure development practices.
Familiarity with Oracle and SQL Server environments, including security configuration and auditing.
Experience supporting ICAM integration or identity/access management initiatives.
Experience supporting system modernization or migration efforts in secure environments.
Familiarity with ETL pipelines, data platforms, or data ingestion systems.
Experience supporting DoD, DISA, or Intelligence Community programs.
Experience operating in classified or cloud-isolated environments (e.g., C2S, SC2S).
Experience integrating security into CI/CD pipelines (DevSecOps practices).

Responsibilities

Maintain the security posture of TIBI systems in compliance with DoD and DISA cybersecurity requirements.
Lead and support Risk Management Framework (RMF) activities, including development, maintenance, and submission of ATO documentation.
Ensure compliance with: NIST 800-53 controls, DISA STIGs (Oracle, SQL Server, OS-level), DISA CTO and INFOCON requirements.
Conduct and maintain STIG checklists, vulnerability tracking, and remediation activities.
Analyze and remediate vulnerabilities identified through ACAS (Nessus) and HBSS tools.
Manage POA&Ms, track remediation progress, and ensure timely resolution of findings.
Support CYBERCOM IAVA compliance through patching coordination and validation.
Generate and maintain cybersecurity reporting, including system status, patching, compliance posture, and risk tracking.
Audit access controls, user permissions, and data access patterns to ensure least-privilege enforcement.
Develop and maintain security documentation including: System Security Plans (SSPs), Architecture and configuration diagrams, Incident Response Plans (IRPs), Continuity of Operations Plans (COOPs).
Support incident response, investigation, and recovery activities as required.
Collaborate with ISSM and government stakeholders to respond to taskers, audits, and evolving cybersecurity requirements.
Develop and maintain system architecture diagrams, data flows, and interdependency mappings.
Document system configurations, dependencies, and operational workflows to support accreditation and sustainment.
Identify system risks and critical paths that impact security posture and operational continuity.
Support application-level security by collaborating with engineering teams on secure coding practices and remediation efforts.
Contribute to Java-based backend enhancements supporting long-term TIBI modernization (Java preferred).
Identify and propose modernization opportunities across architecture, data flows, and integration patterns.
Support data engineering tasks, including data transformation, ETL refinement, and performance optimization.
Configure and deploy Torch.AI data ingestion and orchestration capabilities to enhance TIBI workflows.
Collaborate closely with Torch.AI engineering teams to integrate modern data movement, semantic processing, and orchestration patterns.
Assist with integration testing, release validation, and troubleshooting in secure environments.
Support database-level security considerations including auditing, access control, and performance impacts of security controls.
Participate in system modernization efforts by identifying security implications of architectural changes.
Provide technical input to ensure modernization efforts align with compliance and accreditation requirements.
Coordinate with developers, system administrators, cybersecurity personnel, and program leadership.
Support release cycles, change management processes, and deployment readiness from a security perspective.
Ensure systems remain compliant across development, test, and production environments.
Maintain documentation, SOPs, and operational artifacts supporting secure system delivery.