Information System Security Officer

  • Posted 2 hours ago | Updated 2 hours ago

Overview

Remote
Depends on Experience
Contract - Independent
Contract - W2
Contract - 12 Month(s)

Skills

Access Control
Active Directory
Agile
Amazon Web Services
Analytical Skill
Auditing
Authentication
Authorization
CISA
CISM
Change Management
Cisco Certifications
Cloud Computing
Collaboration
Communication
CompTIA
Computer Science
Configuration Management
Continuous Monitoring
Cyber Security
DevOps
DevSecOps
Documentation
Encryption
DoD
FISMA
GSEC
Hardening
ITIL
Incident Management
Information Assurance
Information Security
Information Systems
Information Technology
Linux
Management
Mathematics
Microsoft Azure
Microsoft Windows
Microsoft Windows Administration
NIST 800-53
NIST SP 800 Series
Network+
Penetration Testing
Privacy
RMF
Regulatory Compliance
Relational Databases
Reporting
Risk Management Framework
SIEM
SSCP
Security Analysis
Security Clearance
Security Controls
Security Engineering
Security+
System Security
Systems Design
TOGAF
Testing
Training
Unix
Vulnerability Scanning
Workflow
eMASS

Job Details

Role: Information System Security Officer

POP: 12+ Months Contract

Location: Remote

SCOPE:

The ISSO will play a central role in ensuring systems maintain compliance with federal cybersecurity standards including NIST 800-53, FISMA, and DHS 4300A, and will serve as a key security liaison across development, operations, and governance teams.

REQUIRED SKILLS:

  • Bachelor's or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education.
  • Must have an active DoD Secret Clearance.
  • IAM (Information Assurance Management) Level II certification required (CompTIA Security+, CompTIA CySA+, (ISC)² SSCP, CCNA Security, GSEC, CND, or CompTIA PenTest+).
  • Minimum of six (6) years of experience in information security/information assurance.
  • Minimum of five (5) years of experience in the risk management framework.
  • Hands-on experience with Active Directory, Windows/UNIX systems, and relational databases in secure environments.
  • Advanced understanding of NIST RMF, NIST SP 800-37, 800-53 Rev. 5, DHS 4300A, and FISMA compliance requirements.
  • Hands-on experience with SIEM tools, eMASS, vulnerability scanning platforms, and ATO documentation processes.
  • Proven ability to develop and maintain ATO documentation and assess control effectiveness across multiple systems.
  • Experience implementing cybersecurity best practices in complex hybrid environments (on-premise, virtual, and cloud-based).
  • Strong working knowledge of Active Directory, Linux/Windows administration, and secure infrastructure hardening.
  • Familiarity with Agile/DevSecOps development cycles and secure code integration principles.
  • Excellent analytical, organizational, and communication skills, with an ability to brief senior stakeholders and deliver formal documentation.

PREFERRED SKILLS:

  • Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred.
  • Additional certifications (Network+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ITIL Foundation, TOGAF, or other cybersecurity architecture certifications) are a plus.

TASKS

  • Serve as the lead security representative for system RMF lifecycle activities, including control selection, implementation, testing, and documentation.
  • Develop, review, and maintain key RMF artifacts such as System Security Plans (SSPs), Security Assessment Reports (SARs), Contingency Plans (CPs), and POA&Ms.
  • Ensure systems maintain a valid Authorization to Operate (ATO) through continuous monitoring, vulnerability assessments, and compliance reporting.
  • Validate the implementation of security controls and document evidence in Enterprise Mission Assurance Support Service (eMASS).
  • Collaborate with cybersecurity engineers, auditors, and control assessors to prepare for internal and external security audits and inspections.
  • Analyze and respond to scan results, SIEM alerts, audit logs, change management actions, and potential cybersecurity incidents.
  • Support the integration of security into DevSecOps pipelines, ensuring secure configuration management, patching, and container security practices.
  • Provide security engineering guidance to development and infrastructure teams in areas such as encryption, access controls, secure protocols, and authentication methods.
  • Lead the execution of cybersecurity training, awareness initiatives, and policy compliance briefings for staff and stakeholders.
  • Identify, assess, and mitigate risks associated with system design, implementation, and operational posture.
  • Provide oversight for managing privacy-related data, insider threat indicators, and incident handling workflows in accordance with federal mandates.
  • All other duties as assigned by management.
