What are the responsibilities and job description for the Information System Security Officer position at A&M Technologies LLC?
Work Location: National Capital Region (NCR) — on-site at contractor/government facilities (SCIF work may be required).
Job Description
Title: Information System Security Officer (ISSO) – RMF / Continuous Monitoring / Mission Ops
Overall Assignment Description
Serve as the system’s day-to-day cybersecurity authority for accreditation sustainment and continuous monitoring. The ISSO owns security operations artifacts and evidence; coordinates with ISSE/engineers to implement and assess controls; manages POA&Ms and vulnerability remediation; and ensures logs/telemetry, change, and configuration baselines are aligned so that releases are authorized, auditable, and minimally disruptive to mission. The ISSO partners closely with platform teams (e.g., ServiceNow) and operations/telemetry (Splunk) to maintain compliance and respond to findings.
Duties May Include
- RMF / A&A Sustainment
  - Maintain the system’s RMF package and Body of Evidence (SSP, SCTM, SAR, Plans/Procedures, Contingency/IR, Interconnection Agreements).
  - Lead continuous monitoring: control assessments, security status reporting, artifact curation, and ATO sustainment actions.
  - Coordinate with AO/DAO, SCA, ISSM, ISSE, and engineering teams for Plan of Action & Milestones (POA&M) management and closure evidence.
- Vulnerability & Configuration Management
  - Orchestrate scanning, findings triage, and patch cycles (e.g., ACAS/Nessus, host/OS and application scans); validate STIG/SCAP compliance; track waivers and risk acceptances.
  - Align security baselines with Configuration Management and Change/Release processes; verify back-out plans and security testing for go/no-go decisions.
- Security Operations & Telemetry
  - Define logging/monitoring requirements and dashboards; implement and tune Splunk searches/alerts (and ITSI where used) for control efficacy and incident detection.
  - Document incidents and corrective actions; collaborate with SOC/IR teams; ensure ServiceNow tickets (incidents, problems, changes) reflect security context and traceability.
- Assessments, Audits & Reporting
  - Plan/execute control assessments and audit readiness; gather artifacts, screenshots, queries, and exports; produce executive-level metrics (risk posture, patch SLAs, control health).
  - Support tabletop exercises and continuity testing; maintain evidence for 508, supply-chain, and privacy requirements as applicable.
- Security Engineering Partnership
  - Provide security requirements to architects and developers (identity/roles, encryption, session mgmt, key/cert handling, least privilege).
  - Review designs/ICDs and change requests for control impact; ensure secure configs are promoted across dev/test/stage/prod.
Required Skills & Experience
- 5–8 years as an ISSO/IA professional supporting IC/DoD systems (ATO/ATC/Interim-ATO sustainment).
- Hands-on RMF execution (ICD 503, CNSSI 1253, NIST SP 800-53) including evidence generation and control assessments.
- Strong POA&M and vulnerability lifecycle management (scan → analyze → prioritize → remediate → verify).
- Practical experience with Splunk (SPL dashboards/alerts) for security monitoring and control verification.
- Familiarity with ServiceNow for security-relevant work (Change/Release, Problem/Incident, IRM/GRC or SecOps VR a plus).
- Clear, concise writing for CDRLs, plans, and status reports; confident briefing to AO/ISSM and mission leadership.
Certifications
- Required baseline: DoD 8570 IAM II (e.g., CAP, CASP+, CISM, CISSP; associate acceptable if eligible to upgrade).
- Nice to have: Security+, Splunk Core Certified Power User/Admin, ITIL® 4 Foundation.
Education and Experience (Required — one of)
- Bachelor’s in Cybersecurity, IT/CS, or related discipline and 5–8 years relevant ISSO experience; or
- Master’s + 3–5 years; or
- Associate’s + 8–10 years; or
- HS/GED + 10–12 years progressively responsible IA experience.
Security Clearance
TS/SCI with CI Polygraph (required). U.S. citizenship required.
Tools & Platforms
- Splunk (SPL dashboards/alerts; ITSI optional), ACAS/Nessus, STIG Viewer/SCAP, HBSS/ESS or EDR, Xacta/eMASS (as applicable), ServiceNow (Change/Release/IRM or SecOps), Jira/Confluence, MS 365.