Information System Security Officer

Overview:

Join a team where innovation meets mission. Our AI, cloud, cyber, and modernization solutions save agencies thousands of hours, safeguard national security, and strengthen health and humanitarian missions worldwide. With 1,700 team members, 1,500 AI/data experts, and 100 prime contracts, we deliver at scale and with purpose.

We’ve been recognized as a Top Workplace by the Washington Post for six straight years and named to the Inc. 5000 Fastest Growing Private Companies 13 of the past 14 years. Credence is a welcoming home for those looking to grow and contribute to positive change. We encourage all employees to expand beyond their boundaries, dive into important world-changing Federal challenges.

Credence has a pending need for Information System Security Officers (ISSO) at multiple levels (Jr./Mid/Sr.) to support our work at various locations slated to begin mid-summer 2026. The ISSO plays a critical role in ensuring the confidentiality, integrity, and availability of information systems within an organization. Acting as the primary liaison between system owners and cybersecurity stakeholders, the ISSO is responsible for implementing and maintaining security frameworks, continuous monitoring practices, and incident response procedures to safeguard sensitive data and support mission-critical operations.

Core Responsibilities include, but are not limited to:

• Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS
• Provide liaison support between the system owner and other IS security personnel
• Ensure that selected security controls are implemented and operating as intended during all phases of the IS lifecycle
• Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis
• Conduct required IS vulnerability scans according to risk assessment parameters
• Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
• Manage the risks to ISs and other customer assets by coordinating appropriate correction or mitigation actions, and oversee and track the timely completion of POAMs
• Coordinate system owner concurrence for correction or mitigation actions
• Monitor security controls for our customer's ISs to maintain Authorization to Operate (ATO)
• Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase
• Ensure that changes to the IS, it's environment, and/or operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM)
• Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner, ISSM, and ISSR

• An active Top-Secret clearance is required

• Experience can range from 2 to 12 years (experience requirement will vary depending on the level: Jr./Mid/Sr.)
• Holds one (or more) of these Certifications:

• Certified Information Systems Security Professional (CISSP),
• CompTIA Advanced Security Practitioner (CASP),
• Certified Secure Software Lifecycle Professional (CSSLP)
• (CISSP Special Focus) Information System Security Engineering Professional (ISSEP)
• (CISSP Special Focus) Information System Security Architecture Professional (ISSAP)
• Similar or comparable security focused certifications

• Proven experience with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications.

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Public Holidays)
• Family Leave (Maternity, Paternity)
• Short Term & Long Term Disability
• Training & Development
• Wellness Resources