ISSO-Info Systems Sec Officer

About The Position

Requirements

• Core Competencies: o Ownership mindset with bias for action and detail orientation.
• Excellent stakeholder management—able to work seamlessly with engineering, operations, legal, and agency partners.
• Analytical problem-solver who can balance strict compliance requirements with practical, cloud-native solutions.
• Strong organization and project management skills (deadlines, evidence quality, status reporting).
• Required: o 2-4+ years in Information Security, with 2+ years directly supporting FedRAMP or related NIST RMF frameworks.
• Deep knowledge of NIST SP 800-53 Rev. 5, FedRAMP Moderate/High baselines, and continuous monitoring requirements.
• Hands-on experience maintaining SSP, POA&M, SAP/SAR, and ConMon deliverables; proven success navigating 3PAO assessments and ATO activities.
• Cloud proficiency in AWS (architectural patterns, shared responsibility model, native security services).
• Experience using Cyber GRC Platform(s), (e.g. Xacta, eMASS etc.) working authorizations, control implementations, workflow/evidence management.
• Vulnerability management tools (e.g., Tenable Nessus, Qualys), SIEM/SOAR (e.g., Splunk, AWS Config ), and ticketing platforms (e.g., Jira,).
• Strong technical writing skills and the ability to translate complex security concepts into clear, audit-ready documentation.
• US Citizenship required due to FedRAMP/agency requirements; ability to obtain/maintain appropriate Public Trust (or higher) clearance.

Nice To Haves

• Certification(s): CISSP, CAP, CCSK/CCSP, Security+, CISM (any combination preferred).
• Hands on use of Xacta
• Linux use and administration
• Experience Securing a Cloud Service Provider (CSP) FedRAMP Authorized environment.
• Knowledge of OSCAL, automated evidence generation, and compliance-as-code approaches.
• Ability to discuss boundary definition, multi-tenant isolation, and advanced logging/monitoring use cases for FedRAMP.
• Familiarity with FIPS-validated crypto, supply chain risk management, incident response drill coordination, and privacy requirements.

Responsibilities

• Authority to Operate (ATO) Lifecycle o Lead, develop, and maintain the System Security Plan (SSP), Security Assessment Plan/Report (SAP/SAR), POA\&M, and associated FedRAMP artifacts (e.g., Inventory, Control Implementation Statements, policies/procedures).
• Coordinate with Product/Engineering, Security Architecture, and Operations to ensure control implementations meet FedRAMP Moderate/High baselines and remain effective across release cycles.
• Partner with 3PAOs and agency stakeholders to support assessments, control gap closure, and ATO maintenance.
• Continuous Monitoring (ConMon) o Own monthly/quarterly reporting cadence, including vulnerabilities (RA-5), patching (SI-2), configuration management (CM), and incident handling (IR).
• Drive POA\&M management: validate findings, set remediation plans, track due dates, and ensure high-quality closure evidence.
• Ensure timely submission of ConMon deliverables and respond to FedRAMP PMO or AO data calls and actions.
• Risk & Compliance Operations o Perform risk assessments, control testing, and evidence collection; analyze control effectiveness and propose compensating controls where appropriate.
• Maintain a defensible control inheritance posture across CSP-native services and third-party integrations.
• Monitor changes (architecture, features, suppliers) for security impact and lead Security Impact Analyses (SIAs).
• Security Engineering Partnership o Work with engineering teams to embed security-by-design and secure SDLC practices; validate IaC baselines and security guardrails.
• Align logging, monitoring, and incident response with FedRAMP expectations (e.g., SIEM use cases, audit log retention, escalation, playbooks).
• Assist with Boundary/Authorization scope management, data flows, and multi-tenant isolation narratives.
• Stakeholder Communication & Governance o Serve as the point of contact for agencies, 3PAOs, and internal audit/compliance functions.
• Prepare and deliver briefings to leadership on risk posture, audit readiness, and remediation progress.
• Track and report Key Risk Indicators (KRIs) and compliance metrics.

Benefits

• Telos offers an excellent compensation package with benefits that include generous paid time off, medical, dental, vision, tuition reimbursement, and 401k.
• Telos offers excellent compensation packages including salary commensurate with experience and benefits to meet your needs for today and the future.