Start: Future projects late 2026 or 2027 (not an immediate job opening)
OverviewThe Information System Security Officer (ISSO) supports the cybersecurity and compliance requirements of federal information systems in accordance with NIST, RMF, FISMA, FedRAMP, DoD, and agency-specific security requirements. The ISSO serves as the primary liaison between system owners, cybersecurity teams, and government stakeholders to ensure systems maintain an acceptable security posture and remain compliant throughout the system lifecycle.
Responsibilities- Support the implementation and maintenance of Risk Management Framework (RMF) processes.
- Develop, review, and maintain security documentation, including:
- System Security Plans (SSPs)
- Security Assessment Reports (SARs)
- Plans of Action & Milestones (POA&Ms)
- Security Control Traceability Matrices (SCTMs)
- Continuous Monitoring (ConMon) documentation
- Conduct security control assessments and compliance reviews.
- Coordinate Authorization to Operate (ATO), Interim ATO (IATO), and authorization package updates.
- Support vulnerability management activities, including reviewing and tracking findings from tools such as Nessus, ACAS, Tenable, Qualys, and SCAP.
- Monitor and assess cybersecurity risks and recommend mitigation strategies.
- Coordinate with system administrators, network engineers, developers, and security personnel to address security requirements.
- Review system changes and participate in configuration control boards (CCBs) as required.
- Support audits, inspections, and cybersecurity assessments.
- Ensure compliance with NIST 800-53, FISMA, agency policies, and applicable federal regulations.
- Maintain security metrics and provide regular status reports to government stakeholders.
- Support incident response activities and security investigations when required.
Required Qualifications
- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or related field (or equivalent experience).
- 3+ years of experience supporting federal cybersecurity, RMF, or information assurance programs.
- Experience developing and maintaining RMF authorization packages.
- Working knowledge of:
- NIST 800-53
- NIST 800-37
- FISMA
- Security Control Assessments
- Continuous Monitoring
- Experience with vulnerability scanning and remediation processes.
- Strong written and verbal communication skills.
- Active Top Secret or Secret or Pubic Trust clearance or ability to obtain one.
Preferred Qualifications
- Experience with eMASS, XACTA, CSAM, or similar governance and compliance tools.
- Knowledge of FedRAMP, DoD RMF, or Intelligence Community security requirements.
- Experience supporting cloud environments (AWS, Azure, GovCloud).
- Security certification such as:
- Security+
- CISSP
- CAP
- CISM
- GSLC
Desired Skills
- Risk assessment and mitigation
- Security compliance and auditing
- Vulnerability management
- Cybersecurity policy implementation
- Security documentation development
- Stakeholder coordination
- Continuous monitoring and reporting
Typical Federal Customers: DHS, DoD, VA, HHS, Treasury, and other civilian federal agencies.
Salary Range: $70,000 - $145,000 (depending on experience, clearance level, and location). This range represents a good-faith estimate and is not a guarantee; final compensation is determined by factors such as experience, qualifications, and government contract labor rate requirements and may fall outside the stated range.
