Information Systems Security Officer

Description

The Leidos Digital Modernization Sector is currently pursuing a new opportunity and is seeking a Information System Security Officer (ISSO) to work in Tampa, FL to play a crucial role in a landmark Zero Trust (ZT) surge initiative for our client. This is an exciting opportunity to use your experience helping the U.S. Special Operations Command (USSOCOM) Enterprise Development, Application, and Training (EDAT) mission. In this mission we are focused on providing innovative, data-driven solutions and enterprise architecture enhancements to enable seamless operations across USSOCOM's global network. The program emphasizes rapid development and deployment of technologies to enhance the mobility and readiness of Special Operations Forces (SOF) in both combat and non-combat scenarios. Key tasks include program management, application development, training support, and technology integration to maintain USSOCOM's operational edge. The EDAT program underscores agility and adaptability, ensuring SOF professionals have access to the information and tools they need to meet evolving mission requirements.

• Serve as the lead Information Systems Security Officer (ISSO) embedded with a software development team, ensuring that all cybersecurity compliance requirements are met throughout the Software Development Lifecycle (SDLC) for Azure-based portal and gateway applications.
• Guide the development team in interpreting and applying DoD cybersecurity policies, NIST RMF guidance, and DISA STIG requirements throughout system development and deployment.
• Ensure full compliance with applicable security frameworks, including the NIST Risk Management Framework (RMF), FedRAMP, and the DISA Cloud Computing Security Requirements Guide (SRG).
• Own and maintain key security documentation such as the System Security Plan (SSP), Plan of Action and Milestones (POA&M), Security Assessment Report (SAR), and supporting artifacts required for achieving and sustaining an Authority to Operate (ATO).
• Coordinate closely with Authorizing Officials (AOs), Information System Security Managers (ISSMs), system owners, and other stakeholders to manage and drive the ATO process across multiple classification levels.
• Provide oversight and direction for the integration of enterprise cybersecurity services (e.g., ACAS, HBSS, BCAP, PKI/ICAM) and ensure these services are properly accounted for in security documentation and compliance testing.
• Monitor and assess system vulnerabilities and audit results; ensure findings are documented and tracked to closure in accordance with policy.
• Participate in Agile and Waterfall development meetings to provide governance input and security policy guidance that aligns with DoD accreditation expectations.
• Stay informed of changes in DoD cybersecurity guidance, threat landscape developments, and cloud security best practices to adjust compliance strategies as needed.

• Bachelor's degree in Cybersecurity, Information Assurance, or related discipline and 8-12 years of relevant experience, or a Master's degree with 6-10 years of relevant experience additional years of applicable experience will be accepted in lieu of a degree.
• Active Top Secret security clearance.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), or CompTIA Advanced Security Practitioner (CASP+).
• Demonstrated knowledge of the NIST RMF, eMASS workflows, and DoD cloud accreditation processes.
• Proven experience managing security compliance for cloud-hosted solutions in Azure or similar environments.
• Strong understanding of DISA STIGs, NIST 800-53 controls, and vulnerability management processes.
• Familiarity with DevSecOps and Agile SDLC methodologies from a governance and compliance oversight perspective.
• Excellent written and verbal communication skills with the ability to brief complex security concepts to both technical and non-technical stakeholders.

• Master's degree in Cybersecurity, Information Assurance, or a related field.
• 8+ years of experience as an ISSO or in a similar cybersecurity compliance oversight role supporting DoD systems.
• Advanced certifications such as CISSP-ISSEP, CISM, or GIAC Security Leadership Certification (GSLC).
• Experience supporting ATO packages in Azure and other cloud environments.
• Familiarity with supporting systems at multiple classification levels (e.g., Unclassified, Secret).
• Proven success in liaising with AOs, ISSMs, and system owners to navigate and expedite RMF-based accreditation efforts.
• Experience mentoring junior cybersecurity personnel and fostering a compliance-driven security culture within cross-functional teams.
• Knowledge of emerging cybersecurity technologies and their implications for DoD cloud security compliance.
• Please disregard the pay range listed on the posting. Positions will range from entry to experienced and the ranges here do not reflect each of those levels. Salary for each position will be determined by position, years of experience, and fit for the role.