Senior Information Systems Security Officer

Job Description
ECS is seeking an experienced Senor Information Systems Security Officer to support a mission-critical federal cybersecurity program in the National Capital Region. This role provides senior-level Information Systems Security Officer support for Security Assessment and Authorization, Risk Management Framework execution, authorization package development, continuous monitoring, vulnerability remediation, audit readiness, and security compliance for federal information systems.

Please Note: This position is contingent upon contract award.

The selected candidate will serve as a senior ISSO and task lead, coordinating with system owners, ISSEs, ISSMs, engineering teams, program leadership, and authorization stakeholders to help assigned systems obtain and maintain compliant authorizations. The ISSO3 will support day-to-day system security operations, maintain required cybersecurity documentation, track remediation activities, support audit and vulnerability data calls, and help ensure security controls are accurately documented, implemented, and monitored throughout the system lifecycle.

Primary responsibilities include;

• Serve as a senior ISSO and task lead supporting assigned federal information systems.
• Support full lifecycle Security Assessment and Authorization activities in alignment with RMF, federal cybersecurity requirements, and customer-specific security policies.
• Prepare, review, update, and maintain RMF and SAA documentation, including System Security Plans, control implementation descriptions, risk assessments, POA&Ms, continuous monitoring artifacts, inventories, data flow diagrams, network diagrams, and authorization package materials.
• Coordinate with system owners, ISSEs, ISSMs, engineers, and authorization stakeholders to support timely ATO, CATO, or ATU outcomes and prevent authorization lapses.
• Ensure assigned systems remain fully scoped, including accurate documentation of system boundaries, components, hardware, software, interconnections, data flows, and technology stacks.
• Support control implementation documentation and ensure security control descriptions accurately reflect system conditions and available evidence.
• Track vulnerabilities, POA&Ms, remediation milestones, corrective actions, and compliance activities through closure.
• Support vulnerability and patch reporting, emergency directive responses, data calls, RFIs, and other compliance requests.
• Monitor system security posture and support continuous monitoring activities, including documentation updates, evidence collection, recurring reviews, and stakeholder coordination.
• Support annual security control assessments, FISMA reviews, audit preparation, COOP or resiliency documentation, and other recurring federal cybersecurity requirements.
• Review technical and procedural security evidence for completeness, accuracy, consistency, and traceability.
• Identify documentation gaps, control weaknesses, compliance risks, and remediation needs; coordinate corrective actions with system owners and technical teams.
• Support onboarding of new systems by establishing security documentation baselines, identifying required artifacts, confirming stakeholder roles, and tracking authorization readiness.
• Support incident-related cybersecurity documentation and recovery activities when assigned systems are impacted by a cybersecurity event.
• Provide status updates, risk summaries, action item tracking, and documentation quality feedback to program leadership and stakeholders.
• Develop or improve checklists, templates, SOPs, evidence standards, and repeatable processes to improve quality, consistency, and timeliness of ISSO support.
• Mentor junior ISSOs and support knowledge sharing across the cybersecurity team.
• Fill in as ISSO for additional systems as needed.

Required Skills

• Active Top Secret clearance with SCI eligibility
• U.S. citizenship.
• Minimum of 7 years of experience serving as an Information Systems Security Officer or Information Systems Security Engineer at a cleared facility.
• Minimum of 9 years of work experience in a computer science, cybersecurity, information technology, or related technical field.
• Experience supporting RMF, Security Assessment and Authorization, ATO, continuous monitoring, POA&M management, vulnerability remediation, security documentation, and authorization package development.
• Experience preparing, reviewing, and maintaining RMF artifacts, including System Security Plans, control implementation descriptions, risk assessments, POA&Ms, inventories, network diagrams, data flow diagrams, and continuous monitoring documentation.
• Experience coordinating with system owners, engineers, ISSMs, ISSEs, program leadership, and authorization stakeholders.
• Knowledge of NIST SP 800-53, NIST SP 800-53A, FIPS 199, FIPS 200, FISMA, vulnerability management, POA&M management, and federal cybersecurity requirements.
• Familiarity with the use and operation of security tools, including Tenable Nessus and/or Security Center, Splunk, IBM Guardium, HP WebInspect, Network Mapper, or similar applications.
• Strong written and verbal communication skills, including the ability to explain security risks, documentation gaps, compliance issues, remediation needs, and authorization impacts to technical and non-technical stakeholders.
• Ability to manage multiple systems, priorities, deliverables, stakeholders, and deadlines in a high-accountability federal mission environment.
• Possess at least one of the following certifications: CISSP, GISP, CASP, or another certification demonstrating skills consistent with DoD 8570 IAM Level III proficiency.

Desired Skills

• Bachelor's or advanced degree in computer science, cybersecurity, information technology, business management, or a related discipline.
• Experience supporting classified federal environments, federal law enforcement systems, national security systems, intelligence systems, or high-impact mission systems.
• Experience serving as a senior ISSO, task lead, team lead, or primary security point of contact for multiple systems.
• Experience with GRC tools, evidence repositories, control inheritance, dashboard reporting, workflow automation, and security documentation management.
• Experience supporting FISMA audit readiness, vulnerability data calls, emergency directives, POA&M remediation, and annual assessment activities.
• Experience developing reusable templates, checklists, SOPs, evidence standards, and process improvements that improve authorization quality and reduce rework.
• Experience mentoring junior cybersecurity personnel and supporting cross-functional coordination between security, engineering, and mission stakeholders.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

• Attracting and developing top talent and high-performing teams
• Fostering a culture that is engaging, accountable, and mission-driven