Information System Security Officer (ISSO)

Description

Position Details:

Job Title: Information System Security Officer (ISSO)

Job Type: Full-time

Location: Remote, MD - occasional in-person in the DC Metro Area as necessary

Dynanet Corporation Overview:

Dynanet started with a focus on IT infrastructure and operations, helping organizations enhance their networks and overcome the limitations of 1990s technology. From strengthening communication channels to introducing innovative ways to collaborate and share information, Dynanet played a crucial role in shaping the early stages of digital transformation. The company’s efforts helped organizations build the very fabric of connectivity that now powers our modern world. Over the last three decades, Dynanet has grown into a trusted partner for organizations looking to innovate boldly and transform seamlessly. While technology continues to evolve and unlock new opportunities, for nearly 30 years, Dynanet remains committed to delivering cutting-edge solutions that drive lasting change for its customers. Through agility, foresight, and an unwavering dedication to excellence, Dynanet continues to empower organizations to thrive in a rapidly changing digital landscape. Our story is more than just a story of technology – it’s a story of vision, growth, and transformation that has shaped the past and continues to pave the way for the future.

About the Role:

Serve as a hands-on Information System Security Officer (ISSO) supporting the modernization and accreditation of applications across the Agency's evolving cloud and on-prem ecosystem. This role is focused on technical execution, not policy-only oversight. The ISSO will drive SSP creation, automated ATO workflows, continuous monitoring integration, secure baseline enforcement for the Landing Zone Architecture (LZA), and the adoption of an OTEL-first monitoring and logging platform. By enabling evidence automation, compliance-as-code, and integrated security telemetry, the ISSO will strengthen application readiness, accelerate ATO timelines, and ensure continuous compliance across hybrid environments.

• Leads hands-on SSP creation, ATO automation, and continuous monitoring integration.
• Defines and implements secure baselines, compliance-as-code, and OTEL-driven monitoring patterns.

Roles & Responsibilities:

• Create full Security System Plans (SSPs) for new applications, including system boundaries, control implementation statements, architecture mapping, and inheritance models.
  Support, update, and maintain SSPs for existing applications through the full ATO lifecycle.
• Develop and implement automated ATO pipelines, including evidence generation, validation tasks, and CI/CD gating aligned to RMF requirements.
• Integrate continuous monitoring strategies, telemetry sources, alerting thresholds, and control-health scoring.
• Automate evidence collection through scripts, scheduling logic, secure repositories, and structured control mappings.
• Define, maintain, and enforce secure baselines for the Landing Zone Architecture (LZA) across cloud and on-prem environments.
• Implement and scale compliance-as-code, translating NIST and agency controls into machine-testable rules and automated evaluations.
• Establish and manage an OTEL-first platform for organization-wide logging, metrics, tracing, APM, and compliance telemetry.
• Enable OTEL-driven continuous compliance through real-time signals tied to control effectiveness and evidence requirements.
• Collaborate with engineering, cloud, security, and application teams to provide hands-on control remediation, configuration updates, and automation support.
• Partner with assessors and AOs to ensure high-quality artifacts, timely responses, and successful accreditation reviews.

Required Professional Skills:

•  5–10 years of experience in ISSO, security engineering, or RMF/FISMA compliance roles (hands on technical focus).
• Strong experience creating SSPs, implementing controls, and driving ATOs for cloud or hybrid systems.
• Hands on background with AWS, Azure, and on prem environments, including inheritance models and shared-responsibility controls.
• Experience implementing continuous monitoring, SIEM integrations, telemetry pipelines, and automated control health reporting.
• Proficiency with scripting (Python, PowerShell, Bash) to automate evidence collection, configuration checks, and compliance tasks.
• Experience with IaC tools (Terraform, Bicep, CloudFormation) and building automated compliance checks within CI/CD.
• Working knowledge of cloud networking, identity (Entra IAM/IAM), endpoint telemetry, containerized environments, and security baseline enforcement.
• Strong understanding of NIST RMF, FISMA, FedRAMP, vulnerability management, and POA&M remediation processes.

Preferred Professional Skills:

• Experience implementing OpenTelemetry collectors, instrumentation, and pipelines for traces, logs, and metrics.
• Experience with compliance as code frameworks (OPA/Conftest, Regula, or custom rulesets).
• Security certifications such as CISSP, CAP, Security , CCSK, CCSP, or cloud security certifications.
• Experience automating ATO processes, evidence generation, and continuous monitoring dashboards.
• Background supporting Zero Trust principles, secure baseline patterns, and telemetry driven security operations.

Dynanet Team Requirements and Expectations:

• Possess Strong written and verbal communication skills.
• Highly organized with the ability to prioritize, balance, and effectively advance multiple competing priorities in a high-volume, fast-paced environment.
• Ability to interact in a professional and collaborative manner with fellow Dynanet Teammates and the clients, and business partners that we work with.
• Ability and desire to challenge and educate yourself to support and advance IT services delivery in the Federal agencies we serve.
• Excellent judgment and creative problem-solving skills.
• Respond to team member and client requests via email, MS teams, or other communication means during core business hours.
• Active listening skills to understand clients' needs, and collaboration skills to work with other developers and designers.

Employee Benefits Overview:

· Industry Competitive Compensation

· Medical and Dental Insurance

· Paid Time Off/Holidays

· 401(k) Retirement Plans with Matching

· Remote Work*

· Paid Training

· Employee Referral Program

· Employee Development Program