Sr. ISSO (Information Systems Security Officer) - 6835
Hybrid · Washington, District of Columbia, United States
Job Summary
Senior ISSO to support a U.S. government agency in the National Capital Region. Responsible for implementing and managing security controls in accordance with NIST RMF, SP 800-53, FISMA, and related federal policies across on-premise and cloud environments. Collaborates with ISSPOs, system owners, engineers, and governance teams to maintain confidentiality, integrity, and availability of government systems. Contains responsibilities for Security Authorization packages (SSP, SAR, POA&M), Security Control Assessments, SIAs, configuration/change control, asset inventories, remediation of control deficiencies, continuous monitoring, policy/guideline development, governance processes, security awareness and training, threat monitoring, and high-quality technical documentation. Requires strong technical writing, documentation, and communication skills and the ability to convey complex security issues to non-technical audiences. Includes a hybrid working arrangement in Washington, DC, with eligibility for a Public Trust clearance.
Required Qualifications
- Bachelor’s degree and 9+ years of IT security or systems security engineering experience, or Master’s degree with 7+ years of experience
- Hands-on experience implementing and managing security controls in enterprise or federal IT environments
- Strong understanding of the NIST RMF, NIST SP 800-53, FISMA, and federal security policies including EO 14028 and OMB M-22-09
- Experience performing risk assessments, preparing ATO documentation, and tracking control deficiencies in POA&Ms
- Working knowledge of cloud security (AWS, Azure, GCP) and hybrid environments
- Familiarity with enterprise platforms such as Microsoft 365, Azure AD, Cisco, and Oracle
- Proficient in network and system security concepts, including IDS/IPS, VPNs, encryption, secure baselining, and OS hardening
- Experience supporting third-party security assessments or audits
- Strong documentation, reporting, and communication skills, including the ability to convey complex technical issues to non-technical audiences
- Proficient in Microsoft Office (Word, Excel, PowerPoint, SharePoint)
- Current cybersecurity certification such as CISSP, CISM, or Security+
- Experience with GRC and SA&A tools such as Archer, eMASS, CSAM, or Xacta
- Familiarity with FedRAMP, cloud compliance requirements, and federal privacy regulations
- Knowledge of OWASP Top 10 and modern application security best practices
- Understanding of adversary TTPs and frameworks such as MITRE ATT&CK
- Ability to work independently and manage priorities in a fast-paced, dynamic environment
- Clearance Requirement: All candidates must be eligible to obtain and maintain a U.S. Public Trust clearance
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.