Information System Security Officer (Applications)

Overview

LMI is seeking an Information System Security Officer (Application) to support cybersecurity operations for the U.S. Army Center for Initial Military Training's (CIMT) Holistic Health & Fitness Management System (H2FMS). H2FMS is a secure analytics environment operating in Army GovCloud that integrates the vendor-provided H2F data capture application with cloud hosting, data pipelines, machine-learning models, and user-facing dashboards. This position requires the ability to obtain and maintain a Secret clearance.

The Application ISSO is responsible for supporting RMF and continuous ATO activities relating to application-level security, ensuring secure integration, secure software interfaces, application configuration compliance, and evidence collection for cybersecurity packages. This role works closely with the Senior ISSM, DevSecOps Engineers, Software Developers, Cloud team, Cyber Engineers, and Army AO/AODR stakeholders.

LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed.

Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government, efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors-helping agencies navigate complexity and outpace change. Headquartered in Tysons, Virginia, LMI is committed to delivering impactful results that strengthen missions and drive lasting value.

Responsibilities

• Support application-focused RMF activities, including security control evidence gathering, testing, updates, and continuous monitoring.
• Assist in creating and maintaining application-level artifacts in the System Security Plan (SSP).
• Conduct application-level security control assessments and assist in POA&M updates.
• Validate secure integration between the vendor H2F application and H2FMS APIs, data services, and endpoints.
• Review application configurations for compliance with Army cybersecurity policy, STIGs, and Zero Trust requirements.
• Ensure encryption, access controls, and secure coding best practices are implemented and documented.
• Conduct vulnerability scanning, application security reviews, dependency checks, and static/dynamic testing.
• Work with DevSecOps to integrate automated scanning (SAST, SCA, container scans) into CI/CD pipelines.
• Document and track findings; support timely remediation activities.
• Review application logs, SIEM alerts, and API audit trails for anomalous activity.
• Assist in incident investigation, documentation, and response activities.
• Ensure application events meet continuous monitoring standards for cATO.
• Maintain application-level cybersecurity documentation and assist with audit preparation.
• Support generation of compliance reports, updates to RMF artifacts, and responses to cybersecurity inquiries.
• Collaborate with the ISSM to maintain a complete and accurate cybersecurity evidence package.
• Participate in sprint ceremonies, backlog refinement, and technical design discussions.
• Provide cybersecurity input on application features, user stories, and acceptance criteria.

Qualifications

Required

• Bachelor's degree in Cybersecurity, Information Assurance, Computer Science, Engineering, or related field.
• 3-6 years of cybersecurity experience, including supporting applications in secure environments.
• Familiarity with RMF, DISA STIGs, security controls, and continuous monitoring.
• Experience with application security practices (secure coding, API security, OWASP principles).
• DoW 8140 elevated privileges certification (Security+, CySA+, CCNA Security, etc.).
• Ability to obtain and maintain a Secret clearance.
• Location: Remote.
• Travel: Up to 1-2 trips per quarter to Fort Eustis, VA or LMI HQ in Tysons, VA.

Desired

• Experience supporting DoW software systems or cloud-hosted applications.
• Familiarity with DevSecOps toolchains and CI/CD security scanning.
• Experience supporting ATO or cATO packages.
• Experience with Army cybersecurity policy and governance.

Target salary range: $90,270 - $155,000

Disclaimer:

The salary range displayed represents the typical salary range for this position and is not a guarantee of compensation. Individual salaries are determined by various factors including, but not limited to location, internal equity, business considerations, client contract requirements, and candidate qualifications, such as education, experience, skills, and security clearances.

Options

Apply for this job onlineApply

Share

Email this job to a friendRefer

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.

Share on your newsfeed

LMI is an Equal Opportunity Employer. LMI is committed to the fair treatment of all and to our policy of providing applicants and employees with equal employment opportunities. LMI recruits, hires, trains, and promotes people without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, disability, age, protected veteran status, citizenship status, genetic information, or any other characteristic protected by applicable federal, state, or local law. If you are a person with a disability needing assistance with the application process, please contact
Colorado Residents: In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.

Need help finding the right job?