Senior Information System Security Officer (ISSO)

Peraton-posted 3 days ago
Full-time • Mid Level
Onsite • College Park, MD
5,001-10,000 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

Peraton Labs is seeking a poly cleared Senior Information System Security Officer for a mission-critical, highly complex HPC environment enabling research across multiple security domains. You will own day-to-day security operations aligned to RMF, drive continuous monitoring, maintain ATO posture, and partner closely with subcontractor and customer personnel. This position requires full-time on-site work in Laurel, or a customer site near College Park, MD. Key responsibilities may include Lead or co-lead ATO/reauthorization efforts for complex boundary systems Mentor junior ISSOs and shape security operations playbooks Perform risk analysis and author formal recommendations to leadership Drive security engineering outcomes by partnering with internal teams on scalable compliance patterns Brief senior internal and customer stakeholders on security posture, systemic risk trends, remediation burn-down, and authorization readiness Act as the Senior ISSO supporting the system security lifecycle across development, operations, and modernization Execute and maintain RMF activities (e.g., control implementation oversight, evidence collection, assessment support, POA&M management, continuous monitoring) Maintain security authorization artifacts (e.g., SSP, control narratives, diagrams, inheritance/leverage controls, CM plan, incident handling plan, contingency artifacts, user/admin procedures) Operate continuous monitoring: vulnerability management, config compliance, patching coordination, scan result triage, risk acceptance, and remediation verification. Review and approve security-relevant changes through configuration/change control and validate security configurations after major upgrades Support incident response and reporting: participate in investigations, coordinate containment actions, preserve evidence, and contribute to post-incident lessons learned Ensure least privilege/access governance: account management oversight, privileged access workflows, periodic access reviews, and audit compliance requirements Translate security requirements into implementation guidance that engineering teams can operationalize (clear, testable, and automatable where possible)

  • Lead or co-lead ATO/reauthorization efforts for complex boundary systems
  • Mentor junior ISSOs and shape security operations playbooks
  • Perform risk analysis and author formal recommendations to leadership
  • Drive security engineering outcomes by partnering with internal teams on scalable compliance patterns
  • Brief senior internal and customer stakeholders on security posture, systemic risk trends, remediation burn-down, and authorization readiness
  • Act as the Senior ISSO supporting the system security lifecycle across development, operations, and modernization
  • Execute and maintain RMF activities (e.g., control implementation oversight, evidence collection, assessment support, POA&M management, continuous monitoring)
  • Maintain security authorization artifacts (e.g., SSP, control narratives, diagrams, inheritance/leverage controls, CM plan, incident handling plan, contingency artifacts, user/admin procedures)
  • Operate continuous monitoring: vulnerability management, config compliance, patching coordination, scan result triage, risk acceptance, and remediation verification.
  • Review and approve security-relevant changes through configuration/change control and validate security configurations after major upgrades
  • Support incident response and reporting: participate in investigations, coordinate containment actions, preserve evidence, and contribute to post-incident lessons learned
  • Ensure least privilege/access governance: account management oversight, privileged access workflows, periodic access reviews, and audit compliance requirements
  • Translate security requirements into implementation guidance that engineering teams can operationalize (clear, testable, and automatable where possible)
  • 12+ years of experience and a BS in Computer Science, Cybersecurity, or related technical discipline, MS and 10+ years of experience, or a PhD and 8+ years of experience. Four years of additional experience is required in lieu of a Bachelors’ degree for a total of 16 years of experience
  • 8+ years of experience in information security/compliance supporting DOD/IC or government systems, including ownership of major RMF deliverables and ATO events for complex systems
  • Demonstrated leadership experience coordinating across security, engineering, and customer stakeholders
  • Ability to provide mentorship and direction to team members
  • Proven ability to write risk decisions and packages that stand up to assessor/AO scrutiny
  • Deep understanding of continuous monitoring at scale (recurring evidence, metrics, audit readiness, remediation governance)
  • Hands-on experience executing RMF tasks and maintaining authorization artifacts (SSP, POA&Ms, continuous monitoring evidence)
  • Strong working knowledge of NIST SP 800-53 controls and how they map to technical implementations and procedures
  • Experience with vulnerability and configuration compliance workflows
  • Familiarity with Linux-based enterprise environments and common hardening concepts
  • Ability to communicate risk clearly to both technical engineers and non-technical leadership
  • One or more active/current certifications such as: CISSP, CISM, CAP, GSLC, Security+, CCSP, INCOSE, CCNA, RHCE, MCSE, VCP, ITIL, PMP, Agile, and etc.
  • This position requires an active/current TS/SCI w/ Polygraph.
  • Experience securing or assessing containerized workflows (e.g., container runtime hardening, image governance, supply chain considerations)
  • Experience with eMASS (or comparable GRC tooling), security control inheritance models, and assessor engagement.
  • Familiarity with vulnerability tooling and security monitoring concepts
  • Experience with data protection requirements relevant to sensitive environments
Track Jobs with Teal

Job Search Resources

Resume Builder
Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service