Information System Security Officer (ISSO)

OneZero Solutions

$90K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, or related field
  • 5-8 years of cybersecurity or information assurance experience
  • 3+ years as an ISSO or in equivalent roles for federal or intelligence community programs
  • 3+ years in Risk Management Framework (RMF) activities, including System Security Plan (SSP) development
  • 2+ years in classified environments at the TS/SCI level
  • 2+ years assessing Cross Domain Solutions (CDS)
  • 2+ years with AI-related security considerations and data-intensive systems
  • Familiarity with federal security frameworks (NIST 800-53, ICD 503, etc.)
  • Experience with Archer GRC or equivalent compliance platforms
  • Relevant certifications such as Security+, CISSP, CISM, or CAP

Responsibilities

  • Monitor and maintain security posture of TS/SCI systems and AI platforms
  • Conduct ongoing system configuration and access reviews to identify vulnerabilities
  • Perform continuous monitoring activities and report security metrics
  • Track security changes and assess impact on system authorization
  • Coordinate vulnerability scanning and remediation across systems
  • Stay updated on Generative AI threats and risks
  • Develop and maintain RMF authorization packages and documentation
  • Ensure CDS documentation requirements are met prior to authorization
  • Document AI-specific security considerations in RMF processes
  • Coordinate with system architects to validate security control implementations

Benefits

  • Opportunities for professional development and certifications
  • Collaborative team environment focused on security innovation
  • Regular engagement with government stakeholders and program managers
  • Work within highly specialized and classified environments
  • Involvement in cutting-edge security technologies, including AI systems
Full Job Description
Position Title: Information System Security Officer (ISSO)

Location: On-site in a SCIF in the National Capital Region (NCR) - Nebraska Avenue Complex, Washington, DC (work locations transitioning to ICCB Bethesda / St. Elizabeths). Telework is not authorized; a designated Key Person must be available on-site during core hour

Clearance: TS/SCI

Job Summary:

Serve as the primary security point of contact for assigned systems, coordinating daily with system owners, ISSMs, ISSEs, program managers, and government stakeholder. Prepare and deliver regular security status reports covering system compliance posture, open POA&M items, continuous monitoring results, and outstanding risks. Brief system owners and program leadership on security findings, risk decisions, and authorization status changes.

Education and Experience:
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a closely related field
  • 5-8 years of total cybersecurity or information assurance experience, with demonstrated depth across the following disciplines:
  • 3+ years serving as an ISSO or equivalent role supporting federal, DHS, or IC programs
  • 3+ years supporting RMF activities including SSP development, security control assessment, continuous monitoring, and POA&M management
  • 2+ years working in classified environments at the TS/SCI level, including handling, storage, and processing of classified information in accordance with applicable security policies
  • 2+ years supporting or assessing Cross Domain Solutions (CDS), including data transfer validation, CDS policy enforcement, and coordination with accreditation authorities
  • 2+ years supporting AI, or data-intensive system assessments, with working knowledge of the unique security considerations for Generative AI systems including data integrity, model security, prompt injection risks, and output validation
  • Working knowledge of applicable federal security frameworks including NIST 800-53, NIST 800-137, ICD 503, CNSSI 1253, and DHS security policy
  • Familiarity with Archer GRC or equivalent governance, risk, and compliance platforms for control tracking and assessment documentation
  • Experience coordinating directly with ISSMs, ISSEs, system owners, and Authorizing Officials on security authorization and compliance matters
  • Certifications: Security+, CISSP, CISM, CAP, or equivalent

Essential Duties:
  • Monitor and maintain the security posture of assigned TS/SCI systems, CDS, and Generative AI platforms, ensuring continuous compliance with applicable security requirements and authorization conditions
  • Conduct ongoing review of system configurations, user access, audit logs, and security controls to detect deviations, anomalies, and potential vulnerabilities
  • Perform continuous monitoring activities in accordance with NIST 800-137 and program-specific continuous monitoring strategies, including control assessments, log reviews, and security metric reporting
  • Track and report security-relevant changes to assigned systems, assessing the impact of changes on system authorization status and initiating re-assessment activities as required
  • Support and coordinate vulnerability scanning, patch compliance tracking, and remediation validation across assigned systems including AI infrastructure and CDS components
  • Maintain awareness of the evolving threat landscape as it pertains to Generative AI systems, including emerging risks such as prompt injection, model poisoning, data exfiltration through AI outputs, and adversarial inputs
  • Develop, maintain, and update complete RMF authorization packages including System Security Plans (SSP), Security Assessment Reports (SAR), Plans of Action and Milestones (POA&M), Interconnection Security Agreements (ISA), and supporting artifacts
  • Ensure all CDS-specific documentation requirements are met, including data transfer validation records, CDS accreditation artifacts, and coordination with the Authorizing Official and relevant accreditation bodies
  • Document AI-specific security considerations within authorization packages, including model provenance, training data controls, input/output validation mechanisms, and Generative AI-specific risk acceptance decisions
  • Coordinate with ISSEs and system architects to ensure security controls are correctly implemented, validated, and documented prior to authorization
  • Manage POA&M items through their full lifecycle - creation, tracking, evidence collection, remediation verification, and closure
  • Review remediation artifacts

Similar Jobs

More Jobs at OneZero Solutions

More Information Technology Jobs

Find similar Information System Security Officer (ISSO) jobs: