Information Systems Security Officer
About The Position
Support mission-critical national security programs as the lead Information Systems Security Officer (ISSO) overseeing the full lifecycle of Risk Management Framework (RMF) authorization activities. You will rely on cybersecurity and Information Assurance (IA) background to be a technical leader and support Enterprise activities and Booz Allen customers throughout multiple classified computing domains. You will assume responsibility for ensuring all Information System Security policies, standards, and directives are enforced to support assessment, authorization and continued operation of information systems processing classified information. You will define security expectations, drive the remediation of vulnerabilities, and collaborate across multidisciplinary teams to ensure systems remain authorized, protected, and mission ready.
Requirements
- 5+ years of experience with NIST 800‑53, ICD 503, RMF, and secure system operations
- Experience developing and maintaining A&A artifacts
- Experience with STIGs, Tenable scanning, mitigation of ACAS results, CVE research, and vulnerability remediation coordination
- Experience solving technical problems quickly and identifying opportunities to automate repetitive processes
- Experience building or reviewing SPLUNK dashboards and audit analysis
- Experience with Cybersecurity in the IC community
- Knowledge of network security principles and practices
- TS/SCI clearance with a polygraph
- HS diploma or GED
- IAM Level III certification, such as CISSP, GSLC, or CISM
Nice To Haves
- Experience as an ISSO, ISSM, ISSE, or SCA supporting classified programs
- Experience coordinating and documenting data spill response activities
- Possession of strong communication and leadership skills
- Bachelor’s degree in a Cybersecurity or IT related field preferred
- CCNA, Red Hat, or Windows certification
Responsibilities
- Lead RMF authorization activities, including system categorization, control selection, assessment preparation, authorization packages, technical vulnerability assessments, and ongoing monitoring.
- Oversee vulnerability management cycles, including ACAS reviews, CVE analysis, plugin evaluation, POA&M development, and mitigation coordination.
- Direct the development, maintenance, and accuracy of all A&A artifacts, such as SSP, POA&M, CONOPS, and monitoring plans.
- Manage audit log collection, review, dashboard analysis, and reporting through SPLUNK and other enterprise tools.
- Ensure system incident response and recovery efforts follow approved procedures and maintain full security functionality.
- Serve as the central point of contact for security posture, policy interpretation, and compliance guidance.
Benefits
- health, life, disability, financial, and retirement benefits
- paid leave
- professional development
- tuition assistance
- work-life programs
- dependent care
- recognition awards program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
High school or GED
