|
Tharros is seeking a Senior Information Systems Security Officer to support a DHS Intelligence and Analysis cybersecurity program in the National Capital Region.
This role will support ISSO operations across a complex Federal cybersecurity environment, including Assessment and Authorization, continuous monitoring, ATO package maintenance, POA&M management, security artifact quality, cloud and hybrid system support, and cybersecurity compliance. The ideal candidate is a hands-on ISSO who can maintain accurate authorization evidence, coordinate with technical teams, and help keep mission systems secure, compliant, and authorization-ready.
Responsibilities:
- Perform ISSO duties for assigned Federal information systems.
- Support RMF activities, including system categorization, control implementation support, assessment readiness, authorization package maintenance, and ongoing monitoring.
- Develop, review, validate, and maintain security artifacts such as SSPs, POA&Ms, risk exceptions, contingency plans, privileged user documentation, and privacy-related artifacts.
- Create, maintain, and monitor ATO packages in GRC tools.
- Support POA&M development, validation, remediation tracking, exception documentation, closure, and reporting.
- Collaborate with system owners, ISSOs, ISSMs, developers, engineers, assessors, and other stakeholders to address vulnerabilities, security findings, and remediation actions.
- Review vulnerability scan results and support recurring continuous monitoring activities.
- Support audit log review, alert response, and documentation of follow-up actions.
- Ensure assigned systems remain aligned with applicable cybersecurity policies, procedures, and decommissioning requirements.
- Support quarterly cybersecurity performance and compliance reporting.
- Provide ISSO support across hybrid environments, including classified and unclassified on-premise systems, cloud-based systems, DevSecOps environments, and agile development teams.
- Support security for operating systems and technologies including Linux, Windows, open-source operating systems, and cloud platforms.
- Support Cross Domain Solution security governance, assessment, and authorization activities.
- Help improve ISSO workflows, evidence management, POA&M tracking, continuous monitoring, and risk reporting through automation and repeatable processes.
- Translate compliance status, vulnerability data, and remediation progress into clear updates for technical and leadership stakeholders.
- Active TS/SCI
- 10+ years of related cybersecurity experience.
- At least 2 years of recent experience in A&A, FISMA compliance, IC cybersecurity policy and standards, continuous monitoring, CDS, and secure cloud and hybrid engineering.
- Experience applying NIST 800 series, CNSSI 1253, security controls, and RMF principles.
- Experience with emerging security risk management practices, including automation of A&A and continuous monitoring activities.
- CISM, CAP, or GRC certification, or comparable demonstrable experience.
- Experience developing, reviewing, or maintaining SSPs, POA&Ms, risk exceptions, contingency plans, privileged user documentation, ATO packages, and continuous monitoring evidence.
- Experience working with GRC tools and coordinating with technical teams to remediate vulnerabilities and maintain authorization readiness.
- Strong written and verbal communication skills.
- Ability to work onsite at a Government-approved location as required.
Preferred Qualifications:
- Prior DHS, Intelligence Community, DoD, CISO office, ISSM, AO, SCA, or national security ISSO experience.
- Experience supporting large ISSO portfolios, classified systems, hybrid cloud environments, DevSecOps evidence collection, continuous monitoring, and audit readiness.
- Experience with Archer, eMASS, Xacta, ACAS, Tenable.sc, Splunk, GitLab, Axonius, STIG/SCAP validation, or related Federal cybersecurity tools.
- Experience with AWS, Microsoft Azure, Microsoft 365, or other cloud platforms.
- Experience supporting TS/SCI, SCIF, cross-domain, or secure mission environments.
|