Information System Security Officer

Information System Security Officer (ISSO)
Clearance: Active TS/SCI required Environment: Classified DoD / Special Access Program (SAP) and SCI


About the Role
We are seeking an experienced Information System Security Officer (ISSO) to support the cybersecurity, compliance, and risk management of DoD information systems operating in classified and controlled environments. Working alongside the ISSM, system administrators, engineers, program managers, and government stakeholders, the ISSO helps ensure systems remain compliant with the Joint SAP Implementation Guide (JSIG), the DoD Risk Management Framework (RMF), and applicable Intelligence Community and DoD directives.
This is a hands-on role spanning the full RMF lifecycle - from implementing and assessing security controls to maintaining Authorization to Operate (ATO) and executing continuous monitoring. It's well suited to a detail-oriented security professional who wants ownership of authorization packages and direct engagement with government customers in a mission-focused setting.

What You'll Do
RMF & Cybersecurity Compliance

• Implement and maintain cybersecurity requirements in accordance with JSIG, RMF, and applicable DoD policy.
• Develop, maintain, and update core RMF documentation: System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), and Continuous Monitoring Plans.
• Ensure security controls are implemented and sustained against approved security baselines.
• Support security authorization efforts across the full RMF lifecycle.

Continuous Monitoring & Vulnerability Management

• Execute continuous monitoring activities to sustain system authorization.
• Review and analyze vulnerability scan results from tools such as ACAS, track remediation, and validate closure.
• Conduct risk assessments and help develop mitigation strategies.
• Evaluate proposed system changes for security impact and support configuration management.

Security Operations

• Coordinate and support security audits, inspections, and assessments.
• Investigate, document, and respond to cybersecurity incidents.
• Ensure audit logs are reviewed and retained per security requirements.
• Verify system hardening and secure configurations, partnering with security engineers as needed.
• Enforce least-privilege and separation-of-duties principles, and provide security guidance to users and administrators.

Documentation & Reporting

• Maintain accurate cybersecurity records and artifacts required for compliance reviews.
• Prepare reports and briefings for program leadership, the ISSM, and government representatives.
• Maintain the evidence base required for internal and external assessments and authorization activities.

Required Qualifications

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field (or equivalent experience).
• 5+ years of cybersecurity, information assurance, or information systems security experience.
• Direct experience supporting DoD RMF processes and cybersecurity compliance.
• Working knowledge of JSIG requirements and artifacts, NIST SP 800-53 controls, STIG implementation, and vulnerability management.
• Active TS/SCI clearance.
• Current DoD 8570/8140-compliant certification (e.g., CISSP, CISM, CASP+, or CISA).

Preferred Qualifications

• Experience supporting SAP, SCI, or other classified environments.
• Hands-on experience across Windows, Linux, and virtualized environments.
• Familiarity with Cross Domain Solutions (CDS) and cloud security in DoD environments.
• Proficiency with security tooling such as ACAS, Splunk, Tenable, or Trellix ePO.
• Experience building and supporting security assessment and authorization packages.
• Strong analytical, problem-solving, and documentation skills, with the ability to work independently and collaboratively in a mission-driven team.