Information System Security Officer (ISSO) - Military veterans preferred



Full-time employee

District of Columbia
United States


SAIC has a job opening for an Information System Security Officer (ISSO) in Washington, DC. The ISSO performs various tasks to ensure that the appropriate operational security posture is maintained on the General Support System (GSS) and several cloud-hosted subsystems of a Federal agency. The candidate will serve on an ISSO team and work in close collaboration with the system’s Information System Owner (ISO). Specific responsibilities include:

  • Coordinate with technology subject matter experts to maintain currency of the system’s technical description
  • Develop and maintain implementation statements for applicable and hybrid controls
  • Develop and maintain security artifacts including SSP, FIPS 199, PTA/PIA and ISCM Plan
  • Review work instructions and operational procedures for compliance with security requirements and policy
  • Interpret security principles and requirements for technical teams
  • Collaborate with ISSOs of other FISMA systems to ensure continued compliance with security control inheritance conditions
  • Monitor remediation of system vulnerabilities discovered by scanning tools
  • Formulate, create, and track security Plans of Action and Milestones (POA&Ms)



  • Active CompTIA Security+ or (ISC)2 CISSP certification
  • At least two (2) years or two (2) engagements serving as an ISSO at a Federal agency
  • Bachelor's degree or equivalent and at least four years of security-related experience
  • Demonstrated experience with implementation of NIST Risk Management Framework and familiarity with Cyber Security Framework
  • Experience using Cyber Security Assessment and Management (CSAM) or equivalent assessment and authorization management tool
  • Strong communication and writing skills
  • Fluent in all Microsoft Office products (Word, PowerPoint, Excel, Project, Visio)



  • Broad understanding of security protections typical in enterprise environments, including security hardening, firewalls and input filtering, DiD architectures and boundary/endpoint best practices
  • Basic understanding of server, workstation, network, database and web technologies
  • Familiarity with Splunk, Symantec Endpoint Protection, Tenable Security Center, IBM BigFix and Cisco IDS/IPS tools
  • Proactive and aggressive, functions with little guidance, but also functions well in a team environment

SECURITY CLEARANCE: All candidates for consideration must be eligible to obtain a US public trust clearance.