Information System Security Officer Lead

Information System Security Officer Lead

Location: On Site – Vienna, VA
Clearance: Top Secret (TS)/SCI

Position Overview:

This position will lead a group of Information System Security Officers (ISSOs) and Information System Security Engineers (ISSEs) in support of the FBI to protect the confidentiality, integrity, and availability of systems across cloud, enclave, and hybrid environments. Responsibilities include engineering secure CI/CD pipelines, applying DevSecOps principles, conducting architectural risk assessments, overseeing RMF activities through ATO issuance, validating security controls, and guiding incident response and insider threat monitoring. The role also ensures compliance with NIST, DoD, and FBI cybersecurity standards, implements EO 14028 mandates, and provides specialized support for telecommunications and secure data transfer operations, all while maintaining operational readiness and surge capacity in secure federal environments.

Responsibilities:

• Identify and recommend necessary updates based on security policies, standards, guidelines, and procedures to ensure compliance with regulatory requirements and organizational objectives.
• Conduct risk assessments and vulnerability assessments to identify, evaluate, and prioritize security risks to the organizations information systems.
• Develop, update and maintain the organizations security incident response plan, to include detection, response and recover based on organization objectives.
• Ensure security compliance based on FBI security regulations and standards, following National Institute of Standards and Technology (NIST) controls.
• Perform regular vulnerability and compliance scanning to support auditing and monitoring on the information systems and identify any of the findings and coordinate with key stakeholders to mitigate vulnerabilities and compliance findings.
• Implement and maintain security controls throughout all information systems and network environments.
• Maintain documentation related to security policies, procedures, standards, configurations and incidents for compliance and auditing purposes.
• Participate in security governance activities, including security risk assessments, security review, and security related meetings to ensure alignment with organizational goals and objectives.
• Provide regular reports and updates to management on the organization's security posture, including identified risks, incidents, compliance status, and remediation efforts.
• Assist with other duties as assigned in the unit.
• Operate within the Risk Management Framework (RMF), including Steps 1-6, and ensure ongoing compliance through Continuous Monitoring.
• Design and implement security controls and validate their effectiveness.
• Configure and execute Nessus scans, interpret results, and feed findings into POA&M and risk analysis processes. Shall support ATO packages and security documentation.
• Assist ISSE in determining appropriate security architecture throughout the development and implementation lifecycle of the information systems.

Required Qualifications:

• Demonstrate expertise in systems security requirements and policy.
• Demonstrate expertise in incident response and management.
• Demonstrate working in a 24/7 operational environment.
• Demonstrate experience and knowledge with security frameworks and standards such as NIST, ISO 27001, and CIS Controls.
• Demonstrate experience and knowledge of security technologies, tools, and methodologies (e.g. firewalls, IDS /IPS, SIEM systems).
• Demonstrate experience and knowledge with network protocols and architecture.
• Demonstrate experience and knowledge with data encryption techniques and key management practices.
• Demonstrate experience and knowledge with compliance requirements (FISMA).
• Demonstrate experience and knowledge with operating systems (e.g. Windows and Linux) and their security features.
• Demonstrate experience and knowledge with conducting and analyzing system scans.
• Demonstrate experience and knowledge with designing and implementing security internal policies, and agency standards, and procedures.
• Demonstrate experience and knowledge with risk assessment and management techniques.
• Demonstrate experience and knowledge with configuring and managing security tools and systems.
• Demonstrate expertise in the use of threat monitoring platforms.

Preferred Experience:

• Five (5) years of ISSO experience.
• Certifications - (CISSO, CISA, CISM, CISSP)

• Advanced and Managed IT Services 
• Agile Software Development 
• DevSecOps 
• Cybersecurity 
• Health IT 
• C4ISR & SIGINT 
• Data Center Engineering & Operations 
• Engineering & Installation 

• Commitment to Employees: We are committed to making ActioNet a great place to work and continue to invest in our ActioNeters. 
• Commitment to Customers: We are committed to our customers by driving and sustaining Service Delivery Excellence. 
• Commitment to Community: We are committed to giving back to our community, helping others, and making the world a better place for our next generation. 

• Medical Insurance 
• Vision Insurance 
• Dental Insurance 
• Life and AD&D Insurance 
• 401(k) Savings Plan 
• Education and Professional Training 
• Flexible Spending Accounts (FSA) 
• Employee Referral and Merit Recognition Programs 
• Employee Assistance and Identity Theft Protection 
• Paid Holidays: 11 per year 
• Paid Time Off (PTO) 
• Disability Insurance