Information System Security Officer (ISSO)
Company: Spry Methods
Location: Washington
Posted on: February 17, 2026
Job Description:

Who We’re Looking For (Position Overview):
This role is critical in ensuring the security posture of mission-critical applications and infrastructure across multiple network enclaves (Unclassified, Secret, Top Secret). The ISSO will be responsible for developing, maintaining, and enforcing security policies, implementing cybersecurity controls, managing Authority to Operate (ATO) documentation, and conducting continuous monitoring and risk assessments in compliance with FISMA, NIST, DOJ, and other federal mandates.

What Your Day-To-Day Looks Like (Position Responsibilities):
- Serve as the principal cybersecurity advisor to system owners and stakeholders.
- Design, analyze, and test information security systems, products, cloud architectures, and cloud solutions.
- Provide recommendations and/or alternatives to mitigate the impact of system security boundary changes as part of any potential re-architecting and/or re-design activities.
- Develop, implement, and evaluate security controls, measures, and frameworks in cloud-based systems to ensure data integrity, confidentiality, and availability.
- Perform risk analysis, vulnerability assessments, and security audits to identify and address potential weaknesses in cloud environments.
- Follow all appropriate security authorization processes for requesting and maintaining an Authority to Operate (ATO).
- Ensure operational security is maintained for assigned information systems.
- Ensure systems are operated, maintained, and disposed of in accordance with security policies and practices.
- Perform Security Incident Reporting and Response.
- Coordinate with the Office of the Chief Information Officer (OCIO), Security Division, and others to provide documentation for the system Certification and Accreditation process.
- Ensure audits and reviews are responded to with accurate information.
- Perform system access control responsibilities.
- Participate in the change management process for assigned applications.
- Work with the Product Owner, Product Manager, OCIO, Security Division, and other stakeholders to ensure security concerns are addressed during all phases of the system lifecycle.
- Perform continuous system security monitoring.
- Implement and manage cloud-native and third-party security tools for monitoring, threat detection, and vulnerability management.
- Act as a SME on Cloud Security while applying methods, standards, and approaches for ensuring the baseline security safeguards are appropriately implemented and documented.
- Provide reports to superiors regarding the effectiveness of data security and make recommendations for the adoption of new procedures.
- Draft and keep updated information security documentation, including the System Security Plan, Information System Contingency Plan, Plan of Actions and Milestones (POA&M), Privacy Threat Assessment, Privacy Impact Assessment, and Configuration Management Plan.
- Ensure the implementation and maintenance of annual security controls assessments.
- Assist with FISMA System audits as necessary.
- Leverage necessary vulnerability assessment and scanning tools, including Nessus and ACSA, to identify vulnerabilities, and Splunk tools to monitor, detect, and rectify misconfigurations.
- Work directly with development, platform, and infrastructure teams on security problems.

What You Need to Succeed (Minimum Requirements):
- Top Secret (TS) Clearance with SCI eligibility.
- 3 - 5 years of experience required.
- Extensive experience with federal cybersecurity frameworks, including RMF, NIST 800-53, CNSS, and FISMA.
- Experience supporting cloud security in environments such as AWS GovCloud, C2S, SC2S, and Microsoft Azure.
- Analyze logs using Splunk and AWS tools.
- Hands-on experience with vulnerability assessment and configuration tools such as Nessus, ACSA, and Splunk.
- Work with GRC tools such as Xacta/JCAM.
- Hold at least one of the following security certifications. Example: Security+, CGRC, CASP, CISSP.
- Experience using Atlassian suite tools such as JIRA/CONFLUENCE.
- Experience with Agile Methodologies/SAFe.
- Expertise in Information Security principles, processes, and guidelines.
- Able to obtain and maintain an Authority to Operate (ATO) for Information Systems.
- Experience with scanning tools such as Tenable Nessus.
- Ability to work on multiple projects with various timelines, at times with very short deadlines.

Ideally, You Also Have (Preferred Qualifications):
- Certifications: CISSP, CISM, CAP, Security+, AWS Certified Security – Specialty, or other relevant certifications.
- Experience in a high-side or multi-enclave (U/S/TS) environment.
- Experience working with Agile development teams and CI/CD pipelines.
- Familiarity with Infrastructure as Code (IaC) and cloud configuration management tools (e.g., Terraform, Ansible).
- Familiarity with NIST 800-53 Rev. 5.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
Keywords: Spry Methods, Bel Air North, Information System Security Officer (ISSO), IT / Software / Systems, Washington, Maryland