Senior Information Systems Security Officer

Job Description

Description


SAIC is seeking a motivated and skilled Senior Information Systems Security Officer (ISSO) to support cybersecurity and compliance activities for mission-critical IT systems on the MAJESTIC Joint Program Office (JPO) Team . In this role, the ISSO will be responsible for implementing, managing, and assessing system security controls to ensure compliance with government regulations, standards, and best practices, including NIST 800-53 , RMF , and other federal security policies.

The ideal candidate will work closely with system owners, administrators, and cross-functional security teams to assess risks, maintain security postures, and ensure the confidentiality, integrity, and availability of information systems that support the mission. This role requires on-site support in Springfield, VA .

Key Responsibilities:

• Ensure compliance with Risk Management Framework (RMF) requirements by developing, maintaining, and assessing system security artifacts, including System Security Plans (SSPs), POA&Ms, and applicable policies and procedures
• Implement and validate security controls in alignment with NIST 800-53, associated overlays, and system-specific requirements
• Support the Accreditation and Authorization (A&A) process, including preparing documentation and achieving and maintaining system Authority to Operate (ATO) status
• Conduct risk assessments and vulnerability analysis, identify potential threats and weaknesses, and provide recommendations for mitigation
• Work with IT teams to implement system hardening for platforms, applications, and networks in compliance with DISA STIGs and cybersecurity best practices
• Perform continuous monitoring of systems using tools such as Splunk, ACAS, or SolarWinds, ensuring real-time threat detection, event notifications, and security compliance validation
• Collaborate with cross-functional teams, including system administrators, developers, and ISSMs, to address security risks, system vulnerabilities, and security incidents
• Support incident response activities by conducting forensic analysis, generating reports, and coordinating efforts to remediate and recover from security events
• Provide cybersecurity awareness training for users and team members to ensure adherence to organizational security requirements and best practices
• Prepare and deliver security status updates, risk reports, and briefings to senior stakeholders and leadership
• Develop and maintain system documentation, including security control implementation descriptions, policies, and SOPs

Qualifications


Required Qualifications:

Education:

• Bachelor's Degree

Certifications (CWF Requirements):

• Candidates must satisfy Cybersecurity Workforce Framework (CWF) ID 511 (Cyber Defense Analyst) or 531 (Cyber Defense Auditor, Intermediate Level) requirements, as outlined byNavy COOL
  • This requirement can be met by possessing one or more of the following qualifyingcertifications:
    • Certified Ethical Hacker (CEH/Practical)
    • CompTIA Cloud+
    • CompTIA PenTest+
    • CompTIA Security+
    • Federal IT Security Professional-Operator-NG (FITSP-O)
    • GIAC Certified Enterprise Defender (GCED)
    • GIAC Continuous Monitoring Certification (GMON)
    • GIAC Defensible Security Architecture (GDSA)
    • GIAC Response and Industrial Defense (GRID)
    • GIAC Security Essentials Certification (GSEC)
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Security Essentials Certification (GSEC)
    • Rocheston Certified Cybersecurity Engineer (RCCE) Level 1
    • Certified Cloud Security Professional (CCSP)
    • Cisco Certified Network Associate (CCNA) Cybersecurity (formerly Cisco Cybersecurity Associate)
    • EC-Council Certified Incident Handler (ECIH)
    • Federal IT Security Professional-Operator-NG (FITSP-O)
  • OR This requirement can be met through:
    • A Bachelor's Degree in Cybersecurity, Computer Science, IT, or a related field

Experience:

• 2-5 years of professional experience managing and supporting enterprise-levelIT environments

Technical Skills:

• Deep understanding of security frameworks, including NIST 800-53, RMF, and/or DoD 8510.01
• Experience developing and maintaining System Security Plans (SSPs) and managing POA&Ms for compliance and audit purposes
• Proficiency with vulnerability scanning tools and security analysis platforms, such as Nessus, ACAS, or Qualys
• Knowledge of security controls implementation and system hardening using DISA STIGs or CIS Benchmarks for platforms and network-enabled devices
• Familiarity with monitoring tools such as Splunk, SolarWinds, or other SIEM solutions for proactive security monitoring and incident management
• Strong understanding of Windows Server and Active Directory security, including account policy configurations and group policy enforcement
• Basic knowledge of Red Hat Enterprise Linux (RHEL) for security configurations and patching
• General understanding of networking concepts, security configurations, and protocols (e.g., TCP/IP, VLANs, IPsec, firewalls)
• Ability to conduct risk assessments, analyze vulnerabilities, and make actionable recommendations to remediate threats
• Strong analytical and technical writing skills for maintaining security documentation, incident reports, and audit artifacts

Preferred Certifications (In Addition to CWF Requirements):

• Certified Information Systems Security Professional (CISSP) or equivalent advanced certifications
• Knowledge of continuous monitoring tools and automated compliance tracking systems
• Familiarity with encryption standards, PKI infrastructures, and secure key management practices
• Hands-on experience with virtualized environments and hyper-converged platforms, such as VMware or Nutanix
• Familiarity with ITIL v4 frameworks for managing IT operations and processes

Clearance Requirement:

• Active TS/SCI clearance with the ability to obtain and maintain a TS/SCI with Poly

Work Environment and Notes:

• On-Site Work: All work must be conducted on-site in Springfield, VA
• Program Scope: Supports on-premises enterprise IT environments, including virtualized Windows servers, MS SQL Server databases, and networking layers
• Subcontractor Role: Responsibilities and compensation vary based on the subcontract agreement, with a competitive salary aligned to market rates and role-specific requirements

Overview


SAIC accepts applications on an ongoing basis and there is no deadline.

SAIC® is a premier mission integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, intelligence, and civilian markets includes secure high-end solutions in mission IT, enterprise IT, engineering services, and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives.


We are approximately 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.3 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.