ISSO/Security SME

Spatial Front, Crystal City, VA
Onsite

About The Position

Spatial Front, Inc. (SFI) is seeking an ISSO/Security SME to support our growing team. SFI was recently awarded the 2025 USA Today National Top Places to Work award and the 2025 Washington Post Top Workplaces. We are seeking an ISSO/Security Subject Matter Expert (SME) to support a large, security-sensitive federal enterprise program that includes sustained operations and ongoing modernization of a mission-critical business system. The ISSO/Security SME will provide day-to-day cybersecurity leadership, support risk management and authorization activities, and ensure security controls are implemented and monitored across multiple environments. The ideal candidate brings strong expertise in the NIST Risk Management Framework (RMF), security engineering, continuous monitoring, and working in structured delivery environments (e.g., Agile/DevSecOps) where security is embedded into the delivery lifecycle.

Requirements

  • Bachelor's in Computer Science, Cybersecurity, or related field.
  • Minimum 5 years of progressive cybersecurity experience, including RMF/ATO support.
  • Demonstrated expertise in RMF, NIST security controls, risk assessment, security documentation, and compliance support.
  • CISSP certification is a plus.
  • Clearance: Must be a U.S. Citizen with an active Secret security clearance.

Nice To Haves

  • Security certifications such as CISSP, CAP, or Security+ CE.
  • Experience supporting security for large federal enterprise systems and multi-environment operations (e.g., dev/test/stage/prod).
  • Experience serving as an ISSO within DoD or federal agency programs.
  • Experience with vulnerability management and continuous monitoring tooling.
  • Working knowledge of secure configuration standards (e.g., STIGs, SRGs) and secure change/configuration management practices.
  • Familiarity with eMASS, XACTA, or similar GRC tools.
  • Strong communication skills and ability to translate security requirements into actionable guidance for technical and non-technical stakeholders.

Responsibilities

  • Serve as the Information System Security Officer (ISSO) for assigned information systems and environments, overseeing cybersecurity compliance and operational security posture in accordance with RMF.
  • Develop, maintain, and update ATO artifacts and supporting evidence, including the System Security Plan (SSP), POA&M, Security Assessment documentation, and continuous monitoring strategy.
  • Coordinate security control implementation and verification in alignment with NIST SP 800-53, applicable federal and DoD guidance, and organizational security policies.
  • Partner with engineering, operations, and program governance teams to integrate security into Agile/DevSecOps workflows, including security reviews, automated control evidence collection (where applicable), and release readiness gates.
  • Manage continuous monitoring activities and reporting, including vulnerability management coordination, assessment of scan results, prioritization of remediation, and tracking to closure.
  • Support incident response activities, including coordination, documentation, root cause support, and corrective action tracking in alignment with established procedures.
  • Collaborate with Government stakeholders, security officials, and system owners to support authorization decisions, audits, and cybersecurity reviews.
  • Contribute to security planning for environment changes and modernization initiatives, including boundary considerations, inheritance/reciprocity, and secure configuration baselines.
  • Other duties as assigned.