Information System Security Officer (ISSO)

Job Description
Everforth ECS is seeking an Information System Security Officer (ISSO) to work onsite at our Ft. Meade, MD office.

Everforth ECS is seeking an experienced Information System Security Officer (ISSO) to support robust Impact Level (IL) 5 and IL6 programs in an operational DoW environment that houses multiple U.S. Coalition Mission Partner Environments (MPE).

This position is a demanding, high-energy role that requires strong cybersecurity judgement, attention to detail, and the ability to support authorization, compliance, and continuous monitoring activities across multiple enclaves in a dynamic Azure DoW environment. The ideal candidate has hands-on ISSO experience supporting classified DoW programs, a working knowledge of RMF and NIST 800-53 controls, and familiarity with cyber tools such as ACAS and Trellix. They are organized, proactive, comfortable collecting and validating security artifacts, and able to communicate clearly with both technical and non-technical stakeholders. The ISSO reports to the Senior Technical Program Manager.

Job Responsibilities:

• Support:
  • ISSO activities for a DoD Azure environment, including RMF, ATO maintenance, continuous monitoring, and compliance documentation.
  • Development and maintenance of ATO artifacts, including security plans, control evidence, vulnerability reports, diagrams, inventories, and risk documentation.
  • Security control assessments, audit readiness, continuous monitoring reviews, and authorization package updates for classified systems.
• Develop, update, and track POA&Ms for vulnerabilities, STIG findings, control gaps, audit findings, and other security risks.
• Maintain eMASS records, including control implementation details, artifacts, POA&Ms, assessment results, risk documentation, and continuous monitoring evidence.
• Review and validate STIG artifacts submitted by engineers, including checklists, scan results, remediation evidence, mitigations, and closure documentation.
• Work with engineers, system administrators, cloud teams, and government stakeholders to validate findings, track remediation, and keep security documentation current.
• Administer and maintain ACAS, including Nessus scanners, plugin updates, troubleshooting credentialed scan issues, scan scheduling, and vulnerability reporting.
• Review ACAS scan results and prepare vulnerability reports, metrics, POA&M updates, and remediation tracking artifacts.
• Administer and support Trellix / ESS, including ePO policies, endpoint protection settings, agent health, alert monitoring, and reporting.
• Investigate Trellix endpoint alerts, suspicious activity, malware events, and agent issues; assist with tuning policies, exclusions, and alerting logic to reduce false positives while maintaining required security coverage.
• Assist with monitoring, configuring, and documenting alerts, incidents, dashboards, and security events in Microsoft Sentinel.
• Participate in cybersecurity status meetings, vulnerability reviews, POA&M reviews, and ATO-related coordination with government and contractor teams.
• Other duties, as assigned.

Required Skills

• U.S. Citizen.
• Active Secret clearance - TS/SCI preferred (Or ability to obtain)
• Active a DoD 8140 IAT Level II Security+ (or higher) active.
• Ability to work five days a week onsite at Fort Meade, MD.
• Experience supporting:
  • DoD RMF, ATO maintenance, continuous monitoring, and security authorization documentation.
  • vulnerability management activities using ACAS/Nessus.
• Hands-on experience with eMASS or similar RMF/GRC software, including control documentation, artifact management, POA&M tracking, and authorization package maintenance.
• Experience with:
  • Creating, updating, and managing POA&Ms for vulnerabilities, STIG findings, audit findings, and NIST800-53 controls.
  • Reviewing and validating DISA STIG artifacts and coordinating remediation activities with technical teams.
  • Trellix endpoint/security tools.
• Familiarity with NIST SP 800-53 controls, DoD RMF processes, and cyber security assessment documentation.
• Practical understanding of secured IT infrastructure, particularly Windows, RHEL, and Azure environments, with the ability to evaluate how network, identity, server, endpoint, authentication, logging, and core service components affect security, compliance, and authorization posture.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

Desired Skills

• Experience supporting:
  • Microsoft Azure or other cloud environments in a DoD or federal environment.
  • Security Control Assessments.
• Experience with Microsoft Sentinel, Microsoft Defender for Cloud, Azure Policy, or other security monitoring/compliance tools.
• Strong technical writing skills, including the ability to develop control implementation statements, risk mitigation narratives, POAM closure justifications, and ATO documentation.

#EverforthECS1

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

• Attracting and developing top talent and high-performing teams

• Fostering a culture that is engaging, accountable, and mission-driven

Meet the challenge. Make a difference with Everforth ECS!