Lead Information System Security Officer (ISSO) - TS/SCI with Polygraph jobs in United States
This job has closed.

General Dynamics Information Technology · 1 day ago

Lead Information System Security Officer (ISSO) - TS/SCI with Polygraph

General Dynamics Information Technology is seeking a highly skilled Lead Information System Security Officer (ISSO) for a critical contract role supporting mission-critical systems. The role involves navigating FedRAMP, DOD IL6, and RMF requirements, managing security assessments, and ensuring compliance with security policies and controls.

Artificial Intelligence (AI), Cloud Computing, Consulting, Cyber Security, Information Technology
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Lead A&A Execution: Shepherd complex cloud service offerings, and Cross Domain Solutions (CDS) as needed, through the entire respective FedRAMP/DOD IL6 and RMF lifecycle to obtain and maintain the applicable authorizations
Documentation Mastery: Develop, author, and maintain a comprehensive body of evidence for A&A packages. This includes the FedRAMP/DOD IL6 authorization package and appendices, the DOD CDS authorization package requirements, and the IC joint test team authorization package requirements
Continuous Monitoring & POAM Management: Take full ownership of the monthly and overall FedRAMP/DOD IL6, DOD CDS, and IC Continuous Monitoring requirements
Compliance & Policy Adherence: Act as the primary technical interpreter of security requirements/controls, ensuring all network solutions and system architectures strictly adhere to mandates such as ICD 503, NIST SP 800-53, CNSSI 1253, and all applicable DISA STIGs and SRGs
Technical Security Integration: Review system designs, network architectures, and proposed changes to ensure security principles are integrated from the ground up
System Hardening & Configuration: Work with security engineering to implement and validate security controls and to ensure STIGs are applied to operating systems, network devices, and applications
Vulnerability Management: Work with security engineering to proactively identify and assess vulnerabilities using tools like Tenable Nessus. Work with system administrators to prioritize and track remediation efforts, ensuring compliance with established timelines
Security Audits & Inspections: Conduct comprehensive security control audits, traditional security reviews, and formal inspections, including preparing for and executing FedRAMP/IL6 third-party assessment organization (3PAO) assessments, DOD CDS assessments, and IC assessments. (Potential to support DCSA classified space assessments.)
Artifact & Evidence Review: Meticulously review artifacts, logs, and system configurations to ensure they provide sufficient evidence of compliance. Audit the work of ISSEs and system administrators to verify documentation and security posture
Penetration Testing & Validation: Coordinate and/or participate in security testing and penetration testing activities to provide an independent validation of the system's security posture
Develop & Manage ConMon Strategy: Design, implement, and manage a robust continuous monitoring program that provides near real-time insight into the security posture of all accredited systems
Security Data Analysis: Leverage tools like Splunk, Grafana, eMASS, Xacta, and ServiceNow to aggregate, analyze, and report on security data. Identify trends, anomalies, and potential incidents, providing actionable intelligence to the ISSM and leadership
Risk Management: Perform formal risk assessments and analysis, identifying and documenting potential threats and vulnerabilities and recommending mitigating controls
Incident Response Support: Enable the ISSM and the incident response team with artifacts, providing in-depth system knowledge and security expertise during incident handling and analysis

Qualification

Assessment & Authorization, Continuous Monitoring, Security Audit, Security Compliance Assessment, CompTIA Security+ CE, CISA, CISSP, NIST SP 800 series, GRC tools, Network Architecture, Incident Response, Risk Management, Soft Skills

Required

Must be a U.S. Citizen
Must possess a current and active TS/SCI with Polygraph
Current, active DoD 8140 certification (i.e. Security+ CE, CISA, CISSP)
BA/BS Degree or equivalent experience in lieu of degree
10+ years of related experience
A minimum of 5 years of direct, hands-on experience as an ISSO, ISSM, or Auditor/Assessor
Proven track record of successfully achieving and maintaining ATO for multiple classified systems under IL6, DoD RMF, and/or ICD 503 policies
Progressive experience in Information Assurance and Cybersecurity roles
Expert-level knowledge of the complete NIST SP 800 series (especially 800-37, 800-53, 800-30) and risk management principles
Onsite at the classified operations center in McLean, VA

Preferred

Certified Information Systems Security Professional (CISSP) certification
Hands-on experience with security and GRC tools such as ACAS (Tenable.sc/Nessus), Splunk, Grafana, ServiceNow, eMASS, and Xacta
Deep understanding of network architecture, firewall configurations, and the PPSM process
Understanding of Microsoft Active Directory and implementing controls via Group Policy
CDS authorization processes and policies of the Intelligence Community (IC), Department of Defense (DoD), and SLED entities

Benefits

Comprehensive benefits and wellness packages
401K with company match
Variety of medical plan options, some with Health Savings Accounts
Dental plan options
A vision plan
Full flex work weeks
Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
Short and long-term disability benefits
Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance

Company

General Dynamics Information Technology

General Dynamics Information Technology is an IT consulting company that specializes in cyber security, AI, and quantum computing. It is a sub-organization of General Dynamics.

Funding

Current Stage
Late Stage

Leadership Team

Paul Nedzbala, Senior Vice President
Ben Buckley, Vice President and General Manager
Company data provided by crunchbase