Senior Information Systems Security Officer (ISSO)

Independent Software•Columbia, MD

About The Position

As an Information Systems Security Officer at Independent Software, you will play a critical role in strengthening and defending the security posture of mission-critical systems supporting the Department of Defense and Intelligence Community. You will lead cybersecurity efforts across the full system lifecycle, from initial design and Risk Management Framework (RMF) implementation through system authorization, continuous monitoring, and ongoing sustainment. In this role, you will serve as a key security authority for assigned systems and programs, ensuring compliance with evolving DoD and IC policies while proactively identifying and mitigating risks to classified environments. You will work closely with system administrators, engineers, and program leadership to integrate security into system architecture and operations, ensuring security is embedded—not bolted on—throughout the lifecycle. You will drive system authorization activities, oversee vulnerability management efforts, and guide remediation strategies to maintain operational readiness and accreditation. Additionally, you will provide technical leadership in interpreting security requirements, implementing controls, and responding to emerging threats, while continuously improving processes to enhance resilience, compliance, and mission effectiveness. Your expertise will directly support national security objectives by ensuring systems remain secure, compliant, and capable of operating in high-threat, high-stakes environments.

Requirements

Ability to interpret and apply Department of Defense, National Institute of Standards and Technology, and Intelligence Community security standards including NIST SP 800-53, CNSSI 1253, and DoDI 8510.01
Skilled in Risk Management Framework steps 1 through 6, risk mitigation, and continuous monitoring
Experience implementing and validating technical controls for operating systems, applications, and network devices
Hands-on experience with vulnerability scanners, audit tools, and enterprise security management systems such as ACAS, Nessus, or comparable tools
Familiarity with customer security tools, repositories, playbooks, and compliance guidelines
Operational understanding of server technologies, information assurance practices, and networking protocols and services
Ability to perform detailed risk assessments and author clear, actionable security documentation
Strong written and verbal communication skills with the ability to brief stakeholders and leadership
Proven ability to work in a cross-functional classified environment with minimal supervision
Exposure to infrastructure provisioning or configuration management tools (e.g., Ansible, Terraform)
Bachelor’s degree in computer science, Information Security, Information Assurance, or related technical discipline
In lieu of a degree, an additional four years of relevant experience may be substituted
Minimum of twelve or more years of professional experience in cybersecurity, information assurance, or systems security engineering
Minimum of ten or more years of ISSO or equivalent experience supporting Department of Defense or Intelligence Community programs of similar scope, type, and complexity
DoD 8140.03 compliance with IAM Level II or IAT Level III (CASP, CISSP, or Associate)
Must possess an active TS/SCI with appropriate Polygraph to be considered for this role

Responsibilities

Manage daily security operations for information systems ensuring compliance with Department of Defense and Intelligence Community cybersecurity policies, directives, and frameworks
Support and enforce information assurance initiatives across programs, systems, and enclaves to strengthen overall security posture
Conduct vulnerability and risk assessments to support accreditation decisions and ensure system integrity throughout development and sustainment
Administer configuration control for security software, hardware, and firmware ensuring all changes are evaluated for potential security impacts
Create and maintain critical security documentation including: – System Security Plans (SSPs) – Risk Assessment Reports (RARs) – Plan of Actions and Milestones (POA&Ms) – Certification and Accreditation Packages – System Requirements Traceability Matrices (SRTMs)
Lead system authorization efforts in accordance with the Department of Defense Risk Management Framework process and legacy NISCAP standards ensuring timely submission and approval of security artifacts
Evaluate, implement, and maintain security solutions for classified processing environments ensuring compliance with required controls and standards
Utilize and manage agency-specific security tools such as Latteart, Biscoti, Xacta, ACAS, Nessus, or similar platforms for monitoring, assessment, and reporting
Provide technical expertise in security policies, procedures, and countermeasures to protect systems from unauthorized access or compromise
Work directly with system administrators, engineers, and program leadership to resolve security issues and embed cybersecurity best practices across all project phases
Assess current security processes, identify vulnerabilities, and develop proactive solutions to strengthen the organization’s cybersecurity posture