Senior Information System Security Officer

Leidos•Alexandria, VA

22h•$107,900 - $195,050

About The Position

This Department of War enterprise data and analytics program delivers mission-critical capabilities that enable leaders across the Department to make faster, better-informed decisions using trusted data at scale. Leidos Digital Modernization sector is seeking an experienced Senior Information System Security Officer to support the delivery, enhancement, and adoption of enterprise data and analytics products used across multiple DoD organizations. In this role, you will work alongside government partners, engineers, and other industry teammates to translate operational and strategic requirements into scalable, production-ready solutions. You will contribute directly to product planning, execution, and continuous improvement—helping ensure capabilities are delivered efficiently, aligned to mission priorities, and positioned for sustained success. This position offers the opportunity to work on a high-visibility, enterprise program at the intersection of data, analytics, and emerging AI technologies. Ideal candidates are motivated by mission impact, comfortable operating in complex stakeholder environments, and interested in building deep domain expertise while delivering capabilities with real-world national security outcomes.

Requirements

Active Top Secret (TS)/ SCI clearance
Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, Information Systems, Engineering, or related technical discipline OR equivalent training/experience aligned to DoD 8140 pathways.
At least one of the following foundational qualification pathways consistent with DoD 8140 requirements: Current DoD 8570/8140 baseline certification appropriate for Intermediate Information Systems Security Manager roles (e.g., CAP, CASP+, CISSP, or equivalent), Offerings listed in the DoD 8140 Training Repository, Demonstrated equivalent training and experience qualifying under DoD 8140 foundational qualification alternatives.
Minimum of 8 years of relevant experience supporting cybersecurity, RMF, or ISSO/ISSM functions in DoD or Federal environments.
Experience with NIST RMF, FedRAMP, FISMA, and DoD cybersecurity policies and standards.
Experience supporting RMF processes including system authorization and continuous monitoring.
Experience developing and maintaining RMF documentation (e.g., SSPs, POA&Ms, BOE artifacts).
Experience working with GRC tools such as eMASS or equivalent.
Experience analyzing vulnerabilities, security controls, and compliance requirements.
Experience supporting cybersecurity audits, inspections, and compliance activities.
Proven track record of developing and executing cybersecurity plans and strategies.
Experience conducting security assessments and audits.
Excellent communication and leadership skills.

Nice To Haves

Active TS/SCI with CI Poly clearance.
Master’s degree in Cybersecurity, Information Technology, or a related field.
Additional certifications such as CISSP, CISM, CEH, or CRISC.
Experience with cloud security and AI/ML security practices.
Familiarity with DoD information systems and environments.
Experience with cybersecurity incident response and management.
Strong analytical and problem-solving skills.
Experience with cybersecurity tools and technologies.

Responsibilities

Support execution of RMF processes including system authorization, continuous monitoring, and compliance validation.
Develop, review, and maintain RMF artifacts including System Security Plans (SSPs), POA&Ms, Security Assessment Reports (SARs), and BOE artifacts.
Support development and maintenance of the Cybersecurity Operations Plan (CYP) for the program.
Ensure timely updates and delivery of the CYP based on government feedback.
Ensure systems maintain compliance with NIST SP 800-53, DoD RMF, FedRAMP, FISMA, and DoD cybersecurity policies and standards.
Monitor systems for changes impacting security posture and ensure documentation is updated accordingly.
Support preparation and submission of cybersecurity authorization packages (e.g., ATO, IATT, change requests).
Conduct and support continuous monitoring activities, including compliance scanning, security assessments, security control validation and audits to identify vulnerabilities and ensure compliance.
Analyze vulnerability data and support remediation tracking and resolution.
Collaborate with Information System Owner (ISO), Information System Security Engineer (ISSE), and Information System Security Manager (ISSM) to implement and validate security controls.
Collaborate with ISSMs, system engineers, DevSecOps teams, and cybersecurity personnel to ensure secure system operation.
Support development and maintenance of cybersecurity policies, procedures, and compliance documentation.
Assist in audit readiness activities and support cybersecurity inspections and assessments.
Support cybersecurity incident response coordination and documentation activities.
Maintain data within GRC tools (e.g., eMASS or equivalent) to ensure accuracy and completeness of cybersecurity records.
Provide reporting and analysis to support Government risk-based decision making.
Support cybersecurity training and awareness programs for staff.
Coordinate with external stakeholders to ensure cybersecurity requirements are met.
Prepare and present cybersecurity reports and metrics to senior leadership.
Respond to and manage cybersecurity incidents and breaches.