Information System Security Officer (ISSO)

ITCON Services is seeking an experienced and highly skilled Information Security Analyst / ISSO to support a new program for the Client, in a mission-driven environment. The ideal candidate is a proactive security leader with deep knowledge of federal cybersecurity standards, vulnerability management, cloud security, and the Risk Management Framework (RMF). This role partners closely with engineering, development, and customer teams and supporting solution design across multiple programs. At ITCON, we offer competitive compensation, paid training and development opportunities, healthcare benefits that start on your first day, commuter benefits, work-life balance, and the opportunity to work alongside an amazing and growing team. Applicant must be a citizen of the United States and clearable for Public Trust clearance with the U.S Government. Key Responsibilities Vulnerability Management & Security Operations Lead vulnerability scanning, analysis, and risk triage across multiple systems and environments. Interpret scan results and recommend prioritized remediation plans. Collaborate with development and engineering teams to ensure timely remediation and patching. Track and manage Plans of Action & Milestones (POA&Ms), ensuring risk mitigation is completed within required timeframes. RMF, ATO, and Compliance Develop and maintain full ATO packages and security documentation (e.g., SSPs, SARs, CMPs, Contingency Plans). Lead Certification & Accreditation (C&A) activities using NIST 800-53 and other federal security frameworks. Ensure compliance in FedRAMP, Azure, AWS, PCI DSS, and multi-tenant cloud environments. Conduct ongoing system monitoring, continuous diagnostics, and reporting for federal stakeholders. Security Architecture & Engineering Design, recommend, and validate integrated security solutions to protect sensitive and proprietary data. Design and implement security controls including firewalls, Web Application Firewalls (WAFs), and SIEM tooling Provide technical security engineering services, including secure configuration, hardening, and architecture review. Translate business and security requirements into actionable technical designs during strategic planning. Cloud & DevSecOps Apply modern cloud security concepts, including identity, access, governance, logging, and workload protection. Knowledge of edge security platforms such as Akamai or Azure Front Door Partner with DevSecOps and engineering teams to integrate security controls into CI/CD pipelines. Assess cloud posture, drive remediation, and communicate overall system risk. Collaboration & Communication Serve as a security advisor to technical teams and federal clients. Contribute to the development of internal security best practices. Support proposal development by providing technical security content and solution input. Required Skills and Qualifications 6 + years of experience supporting regulatory, audit, or compliance programs for secure cloud or federal systems. 4 -6 years hands-on experience as an Information Security Analyst or ISSO for major enterprise or federal systems. Strong understanding of NIST 800-series , FISMA, RMF, continuous monitoring, and federal security controls. Demonstrated experience in: Vulnerability scanning and interpretation Managing ATO/C&A activities Selecting and implementing security controls Cloud security engineering (Azure, AWS, GovCloud, FedRAMP) Monitoring and managing multi-organization compliance Communicating complex security concepts in business-friendly language Experience with DevSecOps processes and secure SDLC practices. Bachelor's degree in STEM (Science, Technology, Engineering, Mathematics). U.S. Citizen or Permanent Resident; eligible for Public Trust clearance. Desired Skills and Qualifications 7+ years of experience in security operations, incident investigation, and network security monitoring. Experience developing system/application certification and accreditation documentation. Experience working in Agile / SAFe environments and supporting testing activities. Experience conducting risk assessments, threat identification, security categorization, gap analysis, and compliance reporting. Active certifications preferred: CISSP (Certified Information Systems Security Professional) CAP (Certified Authorization Professional) Other relevant certifications (Security+, CISM, CCSP) a plus. #J-18808-Ljbffr