Information System Security Officer (ISSO) jobs in United States

Spry Methods, Inc. · 1 month ago

Information System Security Officer (ISSO)

Spry Methods, Inc. is seeking an Information System Security Officer (ISSO) to ensure the security posture of mission-critical applications and infrastructure across various network enclaves. The role involves developing and enforcing security policies, implementing cybersecurity controls, and conducting continuous monitoring and risk assessments in compliance with federal mandates.

Computer · Enterprise · Information Technology
Work & Life Balance
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Serve as the principal cybersecurity advisor to system owners and stakeholders
Design, analyze, and test information security systems, products, cloud architectures, and cloud solutions
Provide recommendations and/or alternatives to mitigate impact of system security boundary changes as part of any potential re-architecting and/or re-design activities
Develop, implement, and evaluate security controls, measures, and frameworks in cloud-based systems to ensure data integrity, confidentiality, and availability
Perform risk analysis, vulnerability assessments, and security audits to identify and address potential weaknesses in cloud environments
Follow all appropriate security authorization processes for requesting and maintaining an Authority to Operate (ATO)
Responsible for ensuring operational security is maintained for assigned information systems
Ensure systems are operated, maintained, and disposed of in accordance with security policies and practices
Perform Security Incident Reporting and Response
Coordinate with the Office of the Chief Information Officer (OCIO), Security Division, and others to provide documentation to the system Certification and Accreditation process
Ensure audits and reviews are responded to with accurate information
Perform system access control responsibilities
Participate in the change management process for assigned applications
Work with Product Owner, Product Manager, OCIO, Security Division, and other stakeholders to ensure security concerns are addressed during all phases of system lifecycle
Perform continuous system security monitoring
Implement and manage cloud-native and third-party security tools for monitoring, threat detection and vulnerability management
Act as a SME on Cloud Security while applying methods, standards, and approaches for ensuring the baseline security safeguards are appropriately implemented and documented
Provide reports to superiors regarding effectiveness of data security and make recommendations for the adoption of new procedures
Draft and keep updated information security documentation to include System Security Plan, Information System Contingency Plan, Plan of Actions and Milestones (POA&M), Privacy Threat Assessment, Privacy Impact Assessment, and Configuration Management Plan
Responsible for ensuring the implementation and maintenance of annual security controls assessments
Assist with FISMA System audits as necessary. Leverage necessary vulnerability assessment and scanning tools including Nessus and ACSA to identify vulnerabilities, and Splunk tools to monitor, detect, and rectify misconfigurations
Work directly with development, platform, and infrastructure teams on security problems

Qualification

Federal cybersecurity frameworks · Cloud security AWS · Cloud security Azure · Vulnerability assessment tools · Security certifications · Splunk · Agile methodologies · Information Security Principles · Risk analysis · Change management · Incident response · Technical writing · Project management

Required

TS Clearance with SCI eligibility
3 - 5 years of experience required
Extensive experience with federal cybersecurity frameworks, including RMF, NIST 800-53, CNSS, and FISMA
Experience supporting cloud security in environments such as AWS GovCloud, C2S, SC2S, and Microsoft Azure
Analyze logs using Splunk and AWS tools
Hands-on experience with vulnerability assessment and configuration tools such as Nessus, ACSA, and Splunk
Work with GRC tools such as Xacta/JCAM
Hold at least one of the following security certifications, for example: Security+, CGRC, CASP, CISSP
Experience using Atlassian suite tools such as JIRA/CONFLUENCE
Experience with Agile Methodologies/SAFe
Expertise on Information Security Principles, processes and guidelines
Able to obtain and maintain an Authority to Operate (ATO) for Information Systems
Experience with scanning tools such as Tenable Nessus
Ability to work on multiple projects with various timelines, at times very short deadlines

Preferred

Certifications: CISSP, CISM, CAP, Security+, AWS Certified Security – Specialty, or other relevant certifications
Experience in a high-side or multi-enclave (U/S/TS) environment
Experience working with Agile development teams and CI/CD pipelines
Familiarity with Infrastructure as Code (IaC) and cloud configuration management tools (e.g., Terraform, Ansible)
Familiarity with NIST 800-53 Rev. 5

Company

Spry Methods, Inc.

Spry is a certified Small Business headquartered in McLean, VA.

Funding

Current Stage
Growth Stage

Leadership Team

Ted Ahn
Co-Chief Executive Officer
Company data provided by crunchbase