Information System Security Officer

Oxenham Group LLC

Lorton, VA

JOB DETAILS
SALARY
$140,000–$180,000 Per Year
SKILLS
Access Authorization, Analysis Skills, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Computer Science, Computer Security, Configuration Management, Cross-Domain Solutions (CDS), Detail Oriented, DoD Directive 8140, DoD Directive 8570, Documentation, Government, Incident Response, Information Technology & Information Systems, Information/Data Security (InfoSec), Intelligence Community, Internet Security, Leadership, Linux Operating System, Machine Tool, Maintain Compliance, Management of Information Systems/Technology (MIS), Microsoft Windows Operating System, Problem Solving Skills, Project/Program Management, Record Keeping, Reporting Skills, Risk Analysis, Risk Management, Risk Management Framework (RMF), SAP, Security Analysis, Security Auditing, Sensitive Compartmented Information (SCI), Splunk, Strategic Planning, System Operations, Systems Administration/Management, Systems Maintenance, Top Secret Clearance, Traceability, U.S. National Institute of Standards and Technology (NIST), United States Department of Defense (DoD), Virtualization, Vulnerability Scanners
LOCATION
Lorton, VA
POSTED
19 days ago
Information System Security Officer (ISSO)
Clearance: Active TS/SCI required
Environment: Classified DoD / Special Access Program (SAP) and SCI

About the Role
We are seeking an experienced Information System Security Officer (ISSO) to support the cybersecurity, compliance, and risk management of DoD information systems operating in classified and controlled environments. Working alongside the ISSM, system administrators, engineers, program managers, and government stakeholders, the ISSO helps ensure systems remain compliant with the Joint SAP Implementation Guide (JSIG), the DoD Risk Management Framework (RMF), and applicable Intelligence Community and DoD directives.
This is a hands-on role spanning the full RMF lifecycle, from implementing and assessing security controls to maintaining Authorization to Operate (ATO) and executing continuous monitoring. It's well suited to a detail-oriented security professional who wants ownership of authorization packages and direct engagement with government customers in a mission-focused setting.

What You'll Do
RMF & Cybersecurity Compliance
  • Implement and maintain cybersecurity requirements in accordance with JSIG, RMF, and applicable DoD policy.
  • Develop, maintain, and update core RMF documentation: System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), and Continuous Monitoring Plans.
  • Ensure security controls are implemented and sustained against approved security baselines.
  • Support security authorization efforts across the full RMF lifecycle.
Continuous Monitoring & Vulnerability Management
  • Execute continuous monitoring activities to sustain system authorization.
  • Review and analyze vulnerability scan results from tools such as ACAS, track remediation, and validate closure.
  • Conduct risk assessments and help develop mitigation strategies.
  • Evaluate proposed system changes for security impact and support configuration management.
Security Operations
  • Coordinate and support security audits, inspections, and assessments.
  • Investigate, document, and respond to cybersecurity incidents.
  • Ensure audit logs are reviewed and retained per security requirements.
  • Verify system hardening and secure configurations, partnering with security engineers as needed.
  • Enforce least-privilege and separation-of-duties principles, and provide security guidance to users and administrators.
Documentation & Reporting
  • Maintain accurate cybersecurity records and artifacts required for compliance reviews.
  • Prepare reports and briefings for program leadership, the ISSM, and government representatives.
  • Maintain the evidence base required for internal and external assessments and authorization activities.

Required Qualifications
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field (or equivalent experience).
  • 5+ years of cybersecurity, information assurance, or information systems security experience.
  • Direct experience supporting DoD RMF processes and cybersecurity compliance.
  • Working knowledge of JSIG requirements and artifacts, NIST SP 800-53 controls, STIG implementation, and vulnerability management.
  • Active TS/SCI clearance.
  • Current DoD 8570/8140-compliant certification (e.g., CISSP, CISM, CASP+, or CISA).

Preferred Qualifications
  • Experience supporting SAP, SCI, or other classified environments.
  • Hands-on experience across Windows, Linux, and virtualized environments.
  • Familiarity with Cross Domain Solutions (CDS) and cloud security in DoD environments.
  • Proficiency with security tooling such as ACAS, Splunk, Tenable, or Trellix ePO.
  • Experience building and supporting security assessment and authorization packages.
  • Strong analytical, problem-solving, and documentation skills, with the ability to work independently and collaboratively in a mission-driven team.

About the Company
Oxenham Group LLC