Job Title: Senior ISSO
Posted by: SAIC on Jul 09, 2025
Location:
Washington , DCJob Description:
Description
SAIC is seeking a Senior Information Systems Security Officer (ISSO) to support a critical U.S. government agency in the National Capital Region. This senior-level role is responsible for ensuring the security and compliance of agency information systems by implementing and managing security controls aligned with federal cybersecurity frameworks, including the NIST Risk Management Framework (RMF), FISMA, and NIST SP 800-53.
This is an excellent opportunity for an experienced cybersecurity professional to contribute to the secure provisioning, authorization, and ongoing monitoring of systems across both on-premise and cloud environments. The contractor ISSO will collaborate with Information System Security & Privacy Officers (ISSPOs), system owners, engineers, and governance teams to maintain the confidentiality, integrity, and availability of government systems.
Responsibilities:
Develop, implement, and maintain IT security controls in accordance with NIST SP 800-53, RMF, and agency security policies. Support the preparation, review, and submission of Security Authorization packages, including the System Security Plan (SSP), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M). Coordinate and prepare systems for Security Control Assessments (SCA), ensuring all artifacts are accurate and complete. Conduct and document Security Impact Analyses (SIAs) for changes to hardware, software, cloud infrastructure, or connectivity. Participate in configuration and change control processes, ensuring secure baselines are maintained and reflected in documentation. Assist in system categorization and validate asset inventories to ensure appropriate control baselines are applied. Assess control implementation effectiveness and identify deficiencies for remediation or risk acceptance. Document business justifications and mitigation strategies for risk acceptance proposals for Authorizing Officials. Support Continuous Monitoring by reviewing security alerts, system changes, and compliance evidence to ensure ongoing authorization. Contribute to the development, revision, and enforcement of security policies, procedures, and technical guidelines. Participate in internal IT governance processes, including exception handling, standards reviews, and control waivers. Support security awareness and training compliance for personnel with system access. Monitor evolving threats and recommend adaptive security controls in response to risk landscape changes. Prepare high-quality technical documentation, status reports, and risk briefings for internal and external stakeholders.
Qualifications
Requirements:
Bachelor's degree and 9+ years of IT security or systems security engineering experience, or Master's degree with 7+ years of experience. Hands-on experience implementing and managing security controls in enterprise or federal IT environments. Strong understanding of the NIST RMF, NIST SP 800-53, FISMA, and federal security policies including EO 14028 and OMB M-22-09. Experience performing risk assessments, preparing ATO documentation, and tracking control deficiencies in POA&Ms. Working knowledge of cloud security (AWS, Azure, GCP) and hybrid environments. Familiarity with enterprise platforms such as Microsoft 365, Azure AD, Cisco, and Oracle. Proficient in network and system security concepts, including IDS/IPS, VPNs, encryption, secure baselining, and OS hardening. Experience supporting third-party security assessments or audits. Strong documentation, reporting, and communication skills, including the ability to convey complex technical issues to non-technical audiences. Proficient in Microsoft Office (Word, Excel, PowerPoint, SharePoint).
Preferred Qualifications:
Current cybersecurity certification such as CISSP, CISM, or Security+. Experience with GRC and SA&A tools such as Archer, eMASS, CSAM, or Xacta. Familiarity with FedRAMP, cloud compliance requirements, and federal privacy regulations. Knowledge of OWASP Top 10 and modern application security best practices. Understanding of adversary TTPs and frameworks such as MITRE ATT&CK. Ability to work independently and manage priorities in a fast-paced, dynamic environment.
Clearance Requirement:
All candidates must be eligible to obtain and maintain a U.S. Public Trust clearance.
**This hybrid role requires a minimum of three on-site days per week in Washington, DC.**
Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC is seeking a Senior Information Systems Security Officer (ISSO) to support a critical U.S. government agency in the National Capital Region. This senior-level role is responsible for ensuring the security and compliance of agency information systems by implementing and managing security controls aligned with federal cybersecurity frameworks, including the NIST Risk Management Framework (RMF), FISMA, and NIST SP 800-53.
This is an excellent opportunity for an experienced cybersecurity professional to contribute to the secure provisioning, authorization, and ongoing monitoring of systems across both on-premise and cloud environments. The contractor ISSO will collaborate with Information System Security & Privacy Officers (ISSPOs), system owners, engineers, and governance teams to maintain the confidentiality, integrity, and availability of government systems.
Responsibilities:
Develop, implement, and maintain IT security controls in accordance with NIST SP 800-53, RMF, and agency security policies. Support the preparation, review, and submission of Security Authorization packages, including the System Security Plan (SSP), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M). Coordinate and prepare systems for Security Control Assessments (SCA), ensuring all artifacts are accurate and complete. Conduct and document Security Impact Analyses (SIAs) for changes to hardware, software, cloud infrastructure, or connectivity. Participate in configuration and change control processes, ensuring secure baselines are maintained and reflected in documentation. Assist in system categorization and validate asset inventories to ensure appropriate control baselines are applied. Assess control implementation effectiveness and identify deficiencies for remediation or risk acceptance. Document business justifications and mitigation strategies for risk acceptance proposals for Authorizing Officials. Support Continuous Monitoring by reviewing security alerts, system changes, and compliance evidence to ensure ongoing authorization. Contribute to the development, revision, and enforcement of security policies, procedures, and technical guidelines. Participate in internal IT governance processes, including exception handling, standards reviews, and control waivers. Support security awareness and training compliance for personnel with system access. Monitor evolving threats and recommend adaptive security controls in response to risk landscape changes. Prepare high-quality technical documentation, status reports, and risk briefings for internal and external stakeholders.
Qualifications
Requirements:
Bachelor's degree and 9+ years of IT security or systems security engineering experience, or Master's degree with 7+ years of experience. Hands-on experience implementing and managing security controls in enterprise or federal IT environments. Strong understanding of the NIST RMF, NIST SP 800-53, FISMA, and federal security policies including EO 14028 and OMB M-22-09. Experience performing risk assessments, preparing ATO documentation, and tracking control deficiencies in POA&Ms. Working knowledge of cloud security (AWS, Azure, GCP) and hybrid environments. Familiarity with enterprise platforms such as Microsoft 365, Azure AD, Cisco, and Oracle. Proficient in network and system security concepts, including IDS/IPS, VPNs, encryption, secure baselining, and OS hardening. Experience supporting third-party security assessments or audits. Strong documentation, reporting, and communication skills, including the ability to convey complex technical issues to non-technical audiences. Proficient in Microsoft Office (Word, Excel, PowerPoint, SharePoint).
Preferred Qualifications:
Current cybersecurity certification such as CISSP, CISM, or Security+. Experience with GRC and SA&A tools such as Archer, eMASS, CSAM, or Xacta. Familiarity with FedRAMP, cloud compliance requirements, and federal privacy regulations. Knowledge of OWASP Top 10 and modern application security best practices. Understanding of adversary TTPs and frameworks such as MITRE ATT&CK. Ability to work independently and manage priorities in a fast-paced, dynamic environment.
Clearance Requirement:
All candidates must be eligible to obtain and maintain a U.S. Public Trust clearance.
**This hybrid role requires a minimum of three on-site days per week in Washington, DC.**
Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
Pay Rate:
Unspecified
HR. Website URL:
http://saiccareers.ttcportals.com/search/jobs?q=&location=
Sign Up to Apply to this position
(if you already have a CGO account, just press the button below)
About SAIC
SAIC® is a premier Fortune 500® technology integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives. We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.4 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.
Please visit this employer's Public Profile to see more jobs offered by SAIC