Information System Security Officer (ISSO)

Description

The Multi Domain Solutions Division at Leidos is looking for an Information Systems Security Officer (ISSO) to support a fast-paced program with the Air Force Life Cycle Management Center located in Oklahoma City, OK. This role involves supporting the delivery of comprehensive IT and support services to ensure mission success while adhering to DoD standards and regulations. The ISSO will oversee the cybersecurity posture of DoD information systems, ensuring compliance with DoD security standards and protecting sensitive data. The ISSO will develop and implement security policies, conduct risk assessments, manage system accreditations (RMF), and lead continuous monitoring efforts. The role requires collaboration with cross-functional teams to enforce security controls and manage incident response. The ISSO will also maintain security documentation and ensure ongoing compliance with applicable regulations. The ISSO will be expected to be proficient technically & to perform hands-on cybersecurity tasks.

• Collaborate daily with the ISSM to provide expert cybersecurity guidance and recommendations.
• Support the development, implementation, and maintenance of security policies, procedures, and documentation to ensure compliance with DoD security standards and regulations (e.g., NIST, RMF, FISMA).
• Oversee the security posture of DoD information systems, ensuring they meet cybersecurity requirements for confidentiality, integrity, and availability.
• Perform risk assessments, vulnerability assessments, and security audits to identify system vulnerabilities and provide remediation strategies.
• Manage and conduct continuous monitoring of security controls, ensuring the protection of classified and unclassified data.
• Coordinate with cross-functional teams (engineering, IT, operations) to implement and enforce security protocols and best practices.
• Ensure the accreditation process for DoD systems (e.g., RMF accreditation) is completed and maintained in compliance with all applicable requirements.
• Act as the primary point of contact for security-related issues, coordinating incident response and reporting to senior management and government customers.
• Provide security training and awareness programs for personnel involved in the operation of DoD systems.
• Maintain and track security documentation, including system security plans (SSPs), risk assessments, and Plan of Actions & Milestones (POA&Ms).
• Stay current with emerging cybersecurity threats, vulnerabilities, and trends to ensure the program adapts to evolving security challenges.

• US Citizen with at least a Top Secret clearance and the ability to obtain and SCI prior to your start date.
• Bachelor's degree with 8+ years of experience or a Master's degree with 6+ years of experience. Additional experience may be considered in lieu of a degree.
• In-depth knowledge of DoD cybersecurity policies, frameworks, and compliance standards (e.g., NIST 800-53, RMF, FISMA, ICD 503, JSIG, DAAPM).
• Must have a DoD 8140 Intermediate certification (e.g. Cloud+, Security+, etc.).
• Experience with system security engineering, risk management, and vulnerability assessments.
• Strong understanding of network security, security controls, and common cybersecurity tools (e.g., firewalls, IDS/IPS, SIEM, endpoint protection).
• Ability to work independently and collaborate effectively with cross-functional teams.
• Strong communication skills, including the ability to create and present detailed security reports to stakeholders.
• Interest in continuous learning and professional development in cybersecurity.

• DoD 8140 Advanced certification e.g. CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), etc.
• Experience with the Risk Management Framework (RMF) for DoD system accreditations and continuous monitoring processes.
• Experience in managing security for complex DoD programs or mission-critical systems.
• Familiarity with cloud security practices and systems, particularly in a hybrid or government cloud environment.
• Experience with security tools for vulnerability scanning, penetration testing, and security auditing.
• Cloud security certifications (e.g. Azure Security Technologies or AWS Certified Security Specialty).
• Experience with configuration management and change management processes in a secure environment.