Job Requirements
Gaithersburg, MD
Top Secret/SCI Polygraph not specified
Mid Level Career (5+ yrs experience)
Salary not specified
Job Description
Job Title: Information Systems Security Officer (ISSO)
Location: Gaithersburg, MD
Clearance: MUST CURRENTLY POSSESS AN ACTIVE TS/SCI CLEARANCE WITH POLYGRAPH
SUMMARY:
We are seeking an experienced Information Systems Security Officer (ISSO) to support cybersecurity, risk management, and accreditation activities for mission-critical systems operating within Department of Defense and Intelligence Community environments. The ISSO will conduct security and risk assessments using established accreditation frameworks, implement security controls, maintain accreditation documentation, and support vulnerability management activities to ensure systems maintain an acceptable level of operational risk.
The ISSO will work closely with system administrators, engineers, security managers, and government stakeholders to ensure information systems maintain appropriate levels of confidentiality, integrity, availability, and privacy throughout the system lifecycle.
BASIC QUALIFICATIONS:
* Bachelor's degree and 8–12 years of relevant cybersecurity, information assurance, or information systems security experience.
* Active TS/SCI clearance with Polygraph.
* U.S. Citizenship required.
* Experience implementing and managing security requirements under NIST Risk Management Framework (RMF) and ICD 503.
* Experience supporting Assessment and Authorization (A&A) activities.
* Experience developing and maintaining security documentation, including System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), Security Impact Assessments, and Concepts of Operations (CONOPS).
* Experience with vulnerability management programs and remediation activities.
* Experience with XACTA, XACTA 360, HBSS, ACAS, Nessus, and Splunk.
* Ability to work independently and collaborate effectively across technical and management teams.
MAIN RESPONSIBILITIES:
* Conduct security and risk assessments utilizing NIST RMF, ICD 503, DoD, Common Criteria, and other applicable cybersecurity frameworks.
* Develop and implement risk mitigation strategies that support mission objectives, security compliance requirements, and operational effectiveness.
* Maintain and update System Security Plans (SSPs), POA&Ms, Security Impact Assessments, CONOPS documentation, and Information Technology Disaster Recovery (ITDR) plans.
* Manage Assessment and Authorization (A&A) activities and coordinate accreditation efforts with Designated Authorizing Officials (DAOs) and government stakeholders.
* Maintain accreditation artifacts and security records within ServiceNow, XACTA 360, and other enterprise security management platforms.
* Drive security changes and accreditation milestones through review boards, governance processes, and security working groups.
* Perform security audits, compliance assessments, and control reviews to validate security posture and regulatory compliance.
* Support vulnerability management activities, including scanning, assessment, reporting, mitigation tracking, and remediation verification using ACAS and Nessus.
* Coordinate with system administrators, engineers, and technical teams to remediate vulnerabilities and manage POA&M activities.
* Track, document, and report security findings, risks, vulnerabilities, and remediation status to leadership and stakeholders.
* Evaluate security architectures, defense-in-depth strategies, and Zero Trust implementations against emerging threats and known vulnerabilities.
* Provide guidance on secure software development, hardware implementation, government security requirements, and industry best practices.
* Support patch management activities and respond to cybersecurity directives, notices, and operational taskings.
* Manage security profiles, access controls, user provisioning, and identification, authentication, and authorization mechanisms.
* Maintain records associated with system configurations, upgrades, patches, and connectivity requirements.
* Evaluate and recommend security solutions, implementation strategies, and improvements to enhance the security posture of systems and services.
* Provide security awareness guidance and support user access approval processes.
* Communicate cybersecurity risks, compliance status, and security recommendations to technical teams, management, and customer stakeholders.
PREFERRED QUALIFICATIONS:
* NGA experience.
* Intelligence Community experience.
* 3+ years of experience analyzing and remediating vulnerability scan results using Nessus, Tenable Security Center, ACAS, or similar enterprise vulnerability management tools.
* Active Certified Information Systems Security Professional (CISSP) certification.
* Active Certified Information Security Manager (CISM) certification.
* Experience supporting classified environments across Unclassified, Secret, and Top Secret domains.
* Experience implementing Zero Trust architectures and defense-in-depth security strategies.
* Familiarity with NGA, DoD, DISA, NIST, and Intelligence Community cybersecurity policies and standards.
Noetic Strategies offers a competitive salary, comprehensive benefits package, and a collaborative work environment that promotes professional growth and technical excellence. For positions requiring a security clearance, selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
Noetic Strategies is an Equal Opportunity Employer and considers all qualified applicants without regard to race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, or gender identity.