Senior Information Systems Security Officer

About The Position

Requirements

• Bachelor’s degree and 9+ years of IT security or systems security engineering experience, or Master’s degree with 7+ years of experience.
• Ability to obtain and maintain a public trust requiring U.S. Citizenship or Permanent Resident Status
• Hands-on experience implementing and managing security controls in enterprise or federal IT environments.
• Strong understanding of the NIST RMF, NIST SP 800-53, FISMA, and federal security policies including EO 14028 and OMB M-22-09.
• Experience performing risk assessments, preparing ATO documentation, and tracking control deficiencies in POA&Ms.
• Working knowledge of cloud security (AWS, Azure, GCP) and hybrid environments.
• Familiarity with enterprise platforms such as Microsoft 365, Azure AD, Cisco, and Oracle.
• Proficient in network and system security concepts, including IDS/IPS, VPNs, encryption, secure baselining, and OS hardening.
• Experience supporting third-party security assessments or audits.
• Strong documentation, reporting, and communication skills, including the ability to convey complex technical issues to non-technical audiences.
• Proficient in Microsoft Office (Word, Excel, PowerPoint, SharePoint).

Nice To Haves

• Current cybersecurity certification such as CISSP, CISM, or Security+.
• Experience with GRC and SA&A tools such as Archer, eMASS, CSAM, or Xacta.
• Familiarity with FedRAMP, cloud compliance requirements, and federal privacy regulations.
• Knowledge of OWASP Top 10 and modern application security best practices.
• Understanding of adversary TTPs and frameworks such as MITRE ATT&CK.
• Ability to work independently and manage priorities in a fast-paced, dynamic environment.

Responsibilities

• Develop, implement, and maintain IT security controls in accordance with NIST SP 800-53, RMF, and agency security policies.
• Support the preparation, review, and submission of Security Authorization packages, including the System Security Plan (SSP), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M).
• Coordinate and prepare systems for Security Control Assessments (SCA), ensuring all artifacts are accurate and complete.
• Conduct and document Security Impact Analyses (SIAs) for changes to hardware, software, cloud infrastructure, or connectivity.
• Participate in configuration and change control processes, ensuring secure baselines are maintained and reflected in documentation.
• Assist in system categorization and validate asset inventories to ensure appropriate control baselines are applied.
• Assess control implementation effectiveness and identify deficiencies for remediation or risk acceptance.
• Document business justifications and mitigation strategies for risk acceptance proposals for Authorizing Officials.
• Support Continuous Monitoring by reviewing security alerts, system changes, and compliance evidence to ensure ongoing authorization.
• Contribute to the development, revision, and enforcement of security policies, procedures, and technical guidelines.
• Participate in internal IT governance processes, including exception handling, standards reviews, and control waivers.
• Support security awareness and training compliance for personnel with system access.
• Monitor evolving threats and recommend adaptive security controls in response to risk landscape changes.
• Prepare high-quality technical documentation, status reports, and risk briefings for internal and external stakeholders.

Benefits

• Competitive salary based on experience
• Profit sharing distributed twice a year
• 15 days of paid time off and 10 paid holidays per year
• 401(k) with employer matching
• Health and dental benefits
• Opportunity to work with other talented technical professionals