
Senior Information System Security Officer (ISSO)

Intellect Solutions LLC

Washington · On-site · Full-time · Senior · Today

About the role

Summary

We are seeking a Senior Information System Security Officer (ISSO) to support mission-critical systems by executing RMF processes, maintaining system compliance, and enabling secure operations within a federal environment. This is a hands-on role focused on ATO support, vulnerability management, and continuous monitoring, working closely with engineering teams to ensure systems meet federal cybersecurity requirements.

Responsibilities

  • Execute the Risk Management Framework (RMF) lifecycle, including control implementation, assessment, and authorization support
  • Develop and maintain security documentation including System Security Plans (SSPs), POA&Ms, Security Assessment Reports (SARs), and risk assessments
  • Implement and monitor NIST SP 800-53 security controls to support ATO and ongoing compliance
  • Conduct vulnerability scanning and assessments using tools such as ACAS, Nessus, SCAP, and STIG Viewer
  • Track and manage remediation of vulnerabilities (e.g., CVE/IAVM findings) in coordination with system administrators and developers
  • Support continuous monitoring activities, including audit log review, system auditing, and compliance validation
  • Review and assess system changes, patches (WSUS), and deployments for security impact
  • Utilize tools such as eMASS to manage system authorization packages and track compliance status
  • Collaborate with engineering and operations teams to ensure secure system configuration and hardening (STIGs)
  • Support incident response coordination and contingency planning (e.g., COOP) as needed
  • Prepare for and support security audits, inspections, and ATO reviews

Required Skills & Qualifications

  • Strong experience as an ISSO supporting federal systems (FBI/DoD/IC preferred)
  • Hands-on experience with RMF (NIST SP 800-37) and NIST SP 800-53 controls
  • Experience developing and maintaining ATO documentation (SSP, POA&M, SAR, etc.)
  • Proficiency with security tools such as ACAS, Nessus, SCAP Compliance Checker, STIG Viewer, and eMASS
  • Familiarity with vulnerability management processes (CVE, IAVM) and remediation tracking
  • Experience with continuous monitoring, system auditing, and compliance reporting
  • Understanding of system hardening, patching (WSUS), and secure configurations across Windows/Linux environments
  • Exposure to security monitoring tools (e.g., Splunk, HBSS, Snort) is a plus
  • Ability to work closely with technical teams to drive risk mitigation and compliance outcomes
  • Strong technical writing and communication skills for documenting and briefing security posture
  • Bachelor’s degree (or equivalent experience) with 8 years of relevant experience

Skills

ACAS, CVE, eMASS, HBSS, IAVM, Linux, Nessus, NIST SP 800-37, NIST SP 800-53, RMF, SCAP, Snort, Splunk, STIG Viewer, System hardening, Vulnerability management, WSUS, Windows
