Job Description Everforth ECS Federal is seeking an experienced Information System Security Officer Sr. (Cloud) to support cybersecurity, risk management, and Security Assessment and Authorization activities for federal information systems in cleared law enforcement and national security environments.
Please Note: This position is contingent upon contract award. The successful candidate will provide senior-level ISSO support for complex, mission-critical systems, with an emphasis on cloud security, RMF execution, security documentation, continuous monitoring, vulnerability management, audit readiness, and authorization support. This role will work closely with system owners, security managers, security engineers, cloud teams, technical stakeholders, and government leadership to help systems obtain and maintain compliant authorizations.
Responsibilities Include: - Responsible for executing the Security Assessment and Authorization program for assigned federal information systems.
- Provide full system lifecycle ISSO support for federal information systems to obtain and maintain compliant authorizations.
- Prepare, review, update, and maintain security authorization documentation and RMF artifacts in accordance with federal standards and customer policies.
- Develop and maintain System Security Plans, control implementation descriptions, Plans of Action and Milestones, risk assessments, contingency planning artifacts, data flow diagrams, network diagrams, hardware/software inventories, and assessment evidence.
- Support cloud security documentation and compliance activities for systems hosted in or connected to AWS, Azure, Google Cloud Platform, or other approved cloud environments.
- Review cloud security considerations such as control inheritance, shared responsibility, identity and access management, encryption, logging, monitoring, configuration management, and secure cloud architecture.
- Conduct risk assessments, document security findings, develop POA&Ms, and ensure remediation actions are tracked to closure.
- Keep system documentation, inventories, diagrams, and authorization artifacts current in support of audits, vulnerability reporting, emergency directives, and continuous monitoring requirements.
- Coordinate proactively with system owners, security managers, security engineers, technical teams, cloud teams, and authorizing officials to avoid authorization delays or lapses.
- Support vulnerability and patch management activities by reviewing scan results, documenting findings, coordinating remediation status, and helping ensure corrective actions are completed within required timelines.
- Support annual control assessments, compliance reviews, audit readiness activities, continuity planning, resiliency documentation, and security documentation reviews.
- Prepare clear, accurate, and defensible responses for government reviewers, auditors, security managers, and authorizing officials.
- Provide technical input and ISSO support for post-incident recovery activities, as needed, including documentation updates, remediation tracking, and return-to-service security considerations.
- Mentor junior and mid-level cybersecurity personnel by providing technical guidance, reviewing work products, sharing RMF and cloud security best practices, and helping improve team execution quality.
- Contribute to portfolio and program improvements by identifying recurring risks, documentation gaps, cloud security concerns, process inefficiencies, automation opportunities, and lessons learned.
- Identify and recommend tools, workflows, templates, and process improvements that improve speed, quality, consistency, and audit readiness across authorization and continuous monitoring activities.
- Track, report, and communicate security risks, compliance status, remediation progress, documentation quality issues, and improvement recommendations to program leadership and government stakeholders.
- Maintain current knowledge of NIST RMF, NIST SP 800-53 Rev. 5, NIST SP 800-53A, FISMA, CNSS, DOJ, IC, FedRAMP, and other applicable federal cybersecurity and cloud security guidance.
Required Skills - Active Top Secret clearance required; SCI eligibility may be required based on assignment.
- Ability to meet federal law enforcement and national security suitability, access, and polygraph requirements.
- U.S. citizenship required; no dual citizenship.
- Possess at least one of the following certifications:
- CISSP - Certified Information Systems Security Professional
- GISP - Global Information Security Professional
- CASP+ - CompTIA Advanced Security Practitioner
- Other certification demonstrating skills comparable to DoD 8570 IAM Level III proficiency
- At least 7 years of experience serving as an Information System Security Officer at a cleared facility.
- Minimum of 9 years of work experience in a computer science, cybersecurity, information technology, or related technical field.
- Experience supporting RMF, Security Assessment and Authorization, ATO, POA&M management, vulnerability management, continuous monitoring, audit readiness, and security control implementation activities.
- Experience developing, reviewing, and maintaining security authorization documentation for federal information systems.
- Experience supporting cloud security or cloud compliance activities in AWS, Azure, Google Cloud Platform, or similar cloud environments.
- Familiarity with the use and operation of security and vulnerability management tools, including Tenable Nessus and/or SecurityCenter, Splunk, IBM Guardium, HP WebInspect, Network Mapper, Nmap, and/or similar applications.
- Strong written and verbal communication skills, including the ability to document technical security issues, brief risks, and communicate remediation recommendations to technical and non-technical stakeholders.
- Hold at least one security certification from AWS, Azure, Google Cloud, or a comparable cloud security body, such as: AWS Certified Security - Specialty; CCSP - Certified Cloud Security Professional; AWS Certified Solutions Architect - Associate; AZ-500 - Microsoft Certified: Azure Security Engineer Associate;
Desired Skills - Bachelor's or advanced degree in computer science, cybersecurity, information technology, business management, engineering, or a related discipline.
- Experience supporting federal law enforcement, intelligence, defense, national security, or other cleared federal environments.
- Experience working within JCAM and/or CSAM.
- Experience working with Xacta.
- Experience interpreting and applying NIST SP 800-53 Rev. 5 controls in cloud, hybrid, and enterprise environments.
- Experience supporting FedRAMP-authorized cloud services, cloud control inheritance, customer responsibility matrices, or shared responsibility models.
- Experience coordinating with cloud architects, DevSecOps teams, infrastructure teams, security assessors, and system owners.
- Experience preparing systems for FISMA audits, security control assessments, continuous monitoring reviews, and authorization package submissions.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
Everforth ECS is the federal segment of
Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
- Attracting and developing top talent and high-performing teams
- Fostering a culture that is engaging, accountable, and mission-driven
Never miss an opportunity! Create an alert based on the job you applied for.
