Information Systems Security Officer (ISSO)

Company: LightFeather
Location: Washington
Posted on: February 11, 2025

Job Description:

LightFeather is seeking a highly skilled Information Systems Security Officer (ISSO) to lead cybersecurity initiatives and ensure compliance with federal security standards. This offers an opportunity to contribute to securing critical information systems in a high-stakes environment. The ISSO will support Risk Management Framework (RMF) processes, vulnerability management, and security authorization activities to maintain system integrity and compliance.This is a Full Time, Remote Position.Responsibilities:Security Compliance & Authorization:

• Develop, maintain, and oversee security authorization packages in accordance with NIST 800-53, Risk Management Framework (RMF), and security policies.
• Support Assessment and Authorization (A&A) activities and ensure continuous adherence to FISMA compliance.
• Ensure Authority to Operate (ATO) status is maintained and updated as required.Continuous Monitoring & Risk Assessment:
  • Perform continuous monitoring, security reviews, and system audits to detect vulnerabilities and ensure compliance.
  • Conduct vulnerability scanning and penetration testing using tools such as Tenable Nessus, ACAS, and Qualys.
  • Analyze and document security risks, providing mitigation strategies and risk acceptance recommendations.Security Operations & Incident Response:
    • Coordinate with SOC teams to manage security incidents, remediation efforts, and forensic investigations.
    • Ensure proper logging, auditing, and SIEM integration for system monitoring and security event correlation.
    • Manage and enforce access control policies, including privileged account management and Active Directory security.Configuration & Change Management:
      • Evaluate, approve, and oversee security-related configuration changes, system updates, and patches.
      • Ensure security hardening and baseline compliance for Windows, Linux, and cloud-based systems.
      • Support endpoint detection and response (EDR) solutions for system integrity.Policy Development & Stakeholder Collaboration:
        • Develop and maintain security policies, SOPs, and technical documentation.
        • Engage with system administrators, developers, and project teams to integrate security controls during the Software Development Lifecycle (SDLC).
        • Communicate security risks and mitigation strategies to executive leadership and technical teams.Required Qualifications and Skills:
          • US Citizenship.
          • Active Top Secret clearance is strongly preferred (Secret clearance holders will be considered).
          • Bachelor's degree in Computer Science, Cyber Security, Information Systems, or a related field.
          • 5+ years of experience in cybersecurity, information assurance, or security engineering in a federal environment.
          • Strong expertise in NIST 800-53, RMF, FISMA, and A&A processes.
          • Hands-on experience with security tools such as:
            • eMASS (Enterprise Mission Assurance Support Service)
            • Tenable Nessus, ACAS, Qualys (Vulnerability scanning)
            • Splunk, ELK, ArcSight (SIEM and log analysis)
            • HBSS/ESS, McAfee/Trellix, Cylance, CrowdStrike (Endpoint security)
            • SCCM, WSUS, Ivanti (Patch management)
            • Proficiency in system administration and security configuration for:
              • Windows Server, Linux, Active Directory (Group Policy, GPO hardening)
              • Networking protocols, firewalls, IDS/IPS (e.g., Palo Alto, Cisco, Snort, Suricata)
              • Cloud security frameworks (AWS, Azure, FedRAMP compliance)
              • Scripting & automation experience (Python, PowerShell, Bash) for security operations.
              • Excellent problem-solving, analytical, and communication skills.Preferred:
                • Relevant certifications such as CISSP, CISM, CCSP, Security+, CEH, or CAP.
                • Experience supporting federal agencies.
                • Understanding of Zero Trust Architecture (ZTA) and ICAM (Identity, Credential, and Access Management) frameworks.
                • Knowledge of DevSecOps security best practices.
                • Experience with container security (Docker, Kubernetes, OpenShift).Why Join LightFeather?You'll be part of a team dedicated to meaningful impact, working on solutions that address mission-critical needs. Experience variety, fulfillment, and the opportunity to work with some of the best in the industry. We are committed to fostering a diverse and inclusive environment where everyone is valued and respected.Commitment to DiversityLightFeather is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.
                  #J-18808-Ljbffr

Keywords: LightFeather, Washington DC , Information Systems Security Officer (ISSO), IT / Software / Systems , Washington, DC