Information Systems Security Officer

Job ID: 2507985

Location: ARLINGTON, VA, US

Date Posted: 2025-07-29

Category: Cyber

Subcategory: Cyber GRC

Schedule: Full-time

Shift: Day Job

Travel: No

Minimum Clearance Required: Secret

Clearance Level Must Be Able to Obtain: TS/SCI

Potential for Remote Work: No

Description

SAIC is seeking an experienced and proactive expert to join our distinguished Information Assurance/Information Security (InfoSec) team. The ideal candidate will exemplify a results-driven attitude and possess the expertise to oversee and manage multiple complex systems efficiently. This candidate must have a Secret Clearance and be able to get a TS/SCI. Candidates must sit on site in our Arlington VA Location.

Job Responsibilities:

• Proactive Problem Solving and Support: Provide expert solutions to complex issues faced by team members and proactively address potential roadblocks.
• Team Collaboration and Communication: Facilitate and lead discussions with team members, ensuring clear and effective communication of plans and strategies.
• Continuous Monitoring and Auditing: Lead and oversee continuous monitoring efforts, perform comprehensive system audits, and provide advanced risk management insights.
• Risk and Compliance Advisory: Offer strategic advisory services on compliance frameworks and develop guidelines for security tools and processes based on industry best practices.
• Process Improvement and Documentation: Lead efforts to refine, document, and optimize security processes and procedures, with a focus on efficiency and effectiveness.
• Project and Task Management: Manage complex projects and tasks using tools like Azure DevOps (ADO), ensuring timely and successful completion.
• Technical Leadership: Provide strategic direction and leadership for security projects, ensuring compliance with policies and alignment with organizational goals.
• Security Incident Management: Act as the primary responder for high-severity security incidents, conducting thorough investigations and implementing robust corrective measures.
• Vulnerability Management: Lead efforts to identify, assess, and mitigate vulnerabilities in information systems, ensuring proactive security posture.
• Access Control Management: Oversee and manage the entire lifecycle of user access controls, ensuring robust authorization and authentication mechanisms are in place.
• System Security Engineering: Lead the design and implementation of secure systems and architectures, ensuring alignment with security best practices.
• Compliance Audits Preparation: Lead the preparation for and facilitation of external and internal compliance audits, ensuring readiness and adherence to standards.
• Policy Development: Develop, update and enforce comprehensive information security policies and procedures, ensuring alignment with organization and regulatory requirements.
• Training and Awareness: Design, develop, and conduct advanced security training and awareness programs for staff, fostering a culture of security within the organization.
• Threat Intelligence: Lead the monitoring, collection and comprehensive analysis of threat intelligence from multiple, diverse sources. Develop and update risk assessment frameworks to integrate advanced threat intelligence insights.

Qualifications

• Bachelor's degree and five (5) years of related experience, or Master's degree and 3 years' experience.
• Active Secret clearance, with the ability to obtain TS/SCI clearance.
• DoD 8570/8140 IAM Level III certification (CISSP, CISM, CCISO)
• Extensive experience and deep knowledge of DCSA and DAAPM.
• Advanced working knowledge of Risk Management Framework (RMF) and substantial experience creating and overseeing RMF System Security Plans in eMASS.
• In-depth familiarity with NISPOM, NIST 800-53, and ICD 503.
• Advanced experience with security assessment tools such as SCAP Compliance Checker, STIG Viewer, and ACAS/Nessus.
• Expert proficiency in Windows (10/11) and Windows Server (2018/2022) operating systems.
• Thorough understanding of Windows integration into Microsoft Active Directory, PKI, and Group Policies.
• Comprehensive knowledge of Host-Based Security Systems (HBSS).
• Extensive experience with DISA security policies, including STIGs and IAVA.

Skills:

• Exemplary interpersonal and communication skills with the ability to lead and influence stakeholders at all levels.
• Proven ability to operate autonomously and lead complex security projects or functions.
• Strategic vision and capability to ensure a thorough and proactive security posture across the organization.

Desired Experience:

• Advanced experience in implementing security controls for both Windows and Linux Operating Systems.
• Significant experience with the operation and maintenance of a government SIPRNet system.
• Proven ability to adopt a holistic approach to security, ensuring overall security posture and contributing to team success.