Senior Information System Security Officer
Core One · McLean, VA · 2 mo ago
Information TechnologyFull-time
Key Responsibilities
- Lead and execute activities across all RMF phases (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor).
- Develop, review, and maintain accreditation artifacts including System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessments, and POA&Ms.
- Monitor compliance with NIST 800-53, 800-171, ICD 503, FedRAMP, FISMA, and agency-specific policies. Prepare for and support audits, inspections, and assessments.
- Conduct vulnerability scanning, compliance checks, risk assessments, and remediation tracking using tools such as Nessus or Tenable.sc.
- Create and maintain security documentation, continuous monitoring strategies, incident response plans, and compliance reports. Provide briefings and status updates to leadership and Authorizing Officials.
- Collaborate with system owners, engineers, and developers to ensure security is integrated into design, development, and operations.
- Support investigation, response, and remediation of security incidents.
- Manage account recertifications, access reviews, and deliver security awareness training at the system level.
- Serve as the primary cybersecurity point of contact for assigned systems, ensuring clear communication with internal and external stakeholders.
Required Qualifications
- Bachelor’s Degree, or more advanced degree, in Information Technology, Computer Science, Cybersecurity, Computer Engineering, or Information Systems or related field
- 5+ years of cumulative experience spanning IT systems administration, cybersecurity compliance, IT system troubleshooting, and incident response
- 6+ years of experience in a role such as Information Systems Security Engineer (ISSE), accrediting Sponsor programs
- Experience with completing new system(s) authorization and accreditation through the Sponsor’s Authorization and Accreditation (A&A) processes, procedures, security requirements, and systems (e.g. Greenlight)
- Experience using the Sponsor’s A&A process to accredit systems built on C2E or C2S Amazon Web Services
- Experience in security policy, counterintelligence, and security controls
- TS/SCI w/ Poly Clearance
Desired Qualifications
- Certified in AWS or equivalent cloud technology
- Security+, Certified Information System Security (CISSP), Certified Information Security (CISM), or equivalent