Information Systems Security Officer

About The Position

Requirements

• Top Secret Clearance required.
• Bachelor's Degree and/or an advanced degree in computer science, business management, or another IT related discipline is preferred (Experience in lieu of degree can be considered).
• 7 years of experience serving as an Information Systems Security Officer (ISSO) at a cleared facility.
• 9 years of work experience in a computer science or cybersecurity related field.
• Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, Splunk, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications.
• Experience with cloud security.
• Certified Information Systems Security Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 Information Assurance Management (IAM) Level III proficiency.
• Additional requirement to hold at least one Security certification from AWS, Azure, or GCP: AWS Certified Security – Specialty, (ISC)2 Certified Cloud Security Professional (CCSP), AWS Certified Solutions Architect – Associate, AZ-500: Microsoft Certified: Azure Security Engineer Associate, or Google - Professional Cloud Security Engineer.

Responsibilities

• Lead, mentor, and supervise a team of contractor security professionals responsible for the end-to-end implementation of the RMF lifecycle for FBI IT systems.
• Fill in as an ISSO for additional systems as needed.
• Oversee and coordinate activities within the Prepare step, ensuring roles, responsibilities, and risk management strategies are clearly defined and maintained.
• Guide system categorization efforts to ensure all information systems are appropriately classified based on mission/business impact and regulatory requirements.
• Advise on the selection, tailoring, and documentation of security controls aligned with system categorizations, Bureau risk appetite, and compliance requirements.
• Oversee the implementation of technical, operational, and management controls throughout system and application lifecycles, with a particular focus on quality and completeness of all deliverables.
• Ensure comprehensive security control assessments are planned, executed, and documented to validate the effectiveness of implemented safeguards.
• Prepare risk management documentation for system authorization and executive decision-making.
• Direct ongoing monitoring and continuous assessment activities, collecting metrics to adjust security strategies and ensure sustained compliance.
• Serve as a principal technical advisor on cybersecurity, bringing subject-matter expertise to risk analysis, incident response, system remediation, and audit support efforts.
• Foster a culture of security awareness, providing technical guidance and training to both team members and stakeholders.
• Track, report, and communicate status, risks, and improvement opportunities related to security engineering activities to leadership and stakeholders.
• Maintain up-to-date knowledge of RMF, NIST guidance, and industry best practices in support of continuous process improvement.

Benefits

• Best-in-class matching 401K program
• Comprehensive healthcare plan through Cigna
• Competitive employer contribution to a health savings account
• Vision and dental plans
• Life insurance
• Short- and long-term disability
• Personal leave
• Paid certifications and training