Job Description:

The Information Systems Security Engineer (ISSE) is responsible for the execution of all processes and requirements for the accreditation of a system.

Here's what you'll need:

• 5 to 10+ years of experience with one or more of the following:
  • Accreditation and Authorization (A&A) process of the customer, including roles involving the successful completion of this process.
  • Accreditation and Authorization (A&A) process involving applications on various security domains.
  • Creation, administration, and maintenance of the body-of-evidence documentation and artifacts required in the A&A process.
  • ICD 503 and Risk Management Framework (RMF).
  • Submitting systems for security scanning, analyzing scan results, and planning and performing remediations.
  • Cloud Security Assessment: Assessing and implementing security requirements on a cloud-hosted application.
  • The security conditions at all layers of an application (data, application, user interface, user accounts/roles/permissions, etc.).
  • Application security architecture and design.
  • Web application security testing.
  • Application security remediation.

Bonus points if you have:

• CISSP (certified or in progress) highly preferred

Security clearance:

• Active TS/SCI with Poly security clearance is required

As a Risk Management Framework (RMF) Information Systems Security Engineer (ISSE)/ Information Systems Security Officer (ISSO), you will be responsible for overseeing the security posture of complex information systems, ensuring compliance with the Risk Management Framework (RMF).

Responsibilities

Your day-to-day activities will involve conducting thorough risk assessments, performing security testing, and analyzing security controls to identify and mitigate vulnerabilities.

• You will be tasked with developing and maintaining critical documentation such as System Security Plans (SSP), Plans of Action and Milestones (POA&M), Security Control Traceability Matrices (SCTM), Risk Assessment Reports, Concepts of Operations (CONOPS), and Security Control Assessment Plans.
• Your role will also require you to monitor systems for security events, conduct regular audits, and provide recommendations for secure system architecture.
• To excel in this position, you should have hands-on experience with host and network access controls, incident response and handling methodologies, as well as a deep understanding of network protocols and the latest system and application security threats.
• Familiarity with tools and processes related to system monitoring, vulnerability management, and security auditing will be highly beneficial.
• Strong communication skills are essential, as you will be expected to clearly articulate security risks and recommendations to both technical and non-technical stakeholders.
• Holding one of the advanced 8140 certifications—such as CISSP, CISM, CCISO, CySA+, GSLC, GSNA, ISSEP, or CISA—is a requirement, ensuring you bring a high level of expertise and leadership to the security team.

Here is what you need

• Experience with risk assessment and conducting security testing
• Hands-on experience applying the Risk Management Framework (RMF)
• Familiarity with incident response and handling methodologies
• Awareness of system and application security threats and vulnerabilities
• Experience developing and maintaining security documentation, including any of these:
  • System Security Plans (SSP)
  • Plan of Actions and Milestones (POA&M)
  • Security Control Traceability Matrix (SCTM)
  • Risk Assessment Reports
  • Concept of Operations (CONOPS)
  • Security Control Assessment Plans
• Requires one of the following 8140 Advanced certifications;
  • Certified Chief Information Security Officer (CCISO)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • CompTIA Cybersecurity Analyst (CySA+)
  • GIAC Security Leadership Certification (GSLC)
  • GIAC Systems and Network Auditor (GSNA)
  • Information Systems Security Engineering Professional (ISSEP)

Nice to have

• Knowledge of network protocols
• Knowledge of secure system architecture and system monitoring
• Strong security control analysis skills
• Experience conducting system audits
• Understanding of host and network access controls

Clearance

• An active TS/SCI is required

Job Description

The Information System Security Officer (ISSO)/Privacy Engineer (Subject Matter Expert) will provide expert guidance on security and privacy strategies and methodologies, develop and implement enterprise-level security and privacy programs, and oversee complex security and privacy projects. Conduct advanced research on emerging threats and regulatory changes, developing strategic initiatives to enhance the organization's security and privacy posture, and serving as the primary advisor on security and privacy matters for senior leadership. Represent the organization at industry conferences and forums, sharing insights and best practices, and collaborate with senior leadership to ensure that security and privacy measures are integrated into the overall business strategy. Responsible for security compliance and privacy controls. Lead the development of innovative security and privacy solutions, conduct advanced risk assessments, and oversee the implementation of cutting-edge security and privacy technologies. Develop and maintain relationships with key stakeholders in the security and privacy community, including government agencies and industry partners. Lead security and privacy architecture reviews, provide expert guidance on complex compliance challenges, and drive the adoption of best practices across the organization.

Must have:

• 4 years of experience with security and privacy programs and compliance for complex technical systems.
• Demonstrated ability to develop, implement, and oversee security and privacy controls, conduct advanced risk assessments, and ensure continuous audit readiness
• Must meet DoD 8140 requirements
• Bachelor’s degree (or an additional 4 years of experience) in IT, Cybersecurity, Computer Science, Information Systems, Data Science, Software Engineering, or related field

Security Clearance:

• Active TS/SCI clearance

The work
The Senior ISSO will provide security governance and compliance oversight for critical systems, ensuring adherence to federal security requirements and maintaining continuous authorization. This role leads the development, review, and maintenance of key security artifacts including System Security Plans (SSPs), Security Assessment Reports (SARs), and POA&Ms. The ISSO navigates frameworks such as NIST 800-series, FedRAMP, FISMA, and RMF to guide system owners through security compliance activities and ATO preparation.

Key responsibilities:
• Create and maintain FISMA-required documentation, including SSPs and SARs
• Develop and manage POA&Ms, providing guidance on mitigation strategies
• Prepare and submit ATO packages in alignment with NIST, FedRAMP, FISMA, and RMF requirements
• Conduct ongoing review and analysis of network and application vulnerability and compliance scans
• Lead vulnerability review meetings and provide actionable insights to leadership
• Ensure systems align with security policies and comply with federal standards
• Collaborate with OCIO, system owners, and administrators to resolve findings and maintain security posture

Here’s what you need:
• Bachelor’s degree (required)
• Minimum 8 years of cybersecurity or ISSO experience
• Experience with a GRC tool (XACTA or JCAM preferred)
• Experience with vulnerability management, log review, and security control assessment
• Strong knowledge of RMF, FISMA compliance, and federal security documentation

Nice to have:

• Certifications such as CISSP, CISM, Security+, CAP
• Experience with cloud environments (on-prem, AWS, Azure)
• Experience supporting security audits in a federal agency environment
• Familiarity with SIEM and EDR platforms
• Experience developing and delivering security awareness training

Eligibility requirements:

• US Citizen (no dual citizenship)
• Active TS clearance with SCI eligibility (TS/SCI)
• Ability to work on-site as required

Accenture Federal Services is seeking an Information System Security Officer (ISSO) to apply cybersecurity and Risk Management Framework (RMF) experiences to Amazon Web Service (AWS) cloud platform, to include infrastructure, applications, data, and people. If you are looking to grow and develop in cloud cybersecurity, this is the job for you!

What you’ll do:

• Coordinate with the ISSM and ISSE to deploy and monitor an Amazon Web Service (AWS) cloud platform in compliance with RMF 800-53 and JSIG processes to receive IATT and ATO at multiple classification levels
• Assist in developing infrastructure-as-code (IaC) and configuration-as-code (CaC) to orchestrate the automated deployment of cloud security solutions (e.g. SIEM, HBSS, NGFW, ACAS, etc.) using Ansible and Terraform
• Orchestrate and perform security scans and vulnerability assessments as needed to meet policy, procedures, and client standards
• Collaborate with engineering and networking teams on the cloud platform’s deployment

What you’ll need:

• 5 years of experience in information technology
• 5 years of experience implementing NIST 800-53, Rev 4 and the Risk Management Framework (RMF)
• 5 years of experience with Windows and/or Linux environments
• 5 years of experience using information security and assurance practices and principles
• Familiarity with AWS cloud-based systems/tools
• DoD 8570 IAT Level II certification or higher (e.g.: Sec+, CISSP, CASP, etc.)

Bonus points if you have:

• ACAS/Nessus for scanning SIEM/Splunk to configure and operate SIEM, create dashboards, reports Incident handling procedures
• Experience managing other Cyber professionals 
• AWS certification
• Other Security related certifications (Cloud, SIEM, forensics, Linux, Windows, etc)
• Experience working in a DevSecOps project environment
• Experience with MS Active Directory, Splunk, ACAS/Nessus, McAfee, Windows, Linux, AWS Security, etc.
• Able to engage with users in a professional manner and present technical concepts plainly to semi-technical customers
• Ability to interface with seasoned Government personnel
• Ability to work in a matrixed team environment and support multiple different efforts as needed
• Desire to learn new technologies and tools and willing to share your experience with the team
• JSIG or ICD 503 compliance

Clearance:

Must have an active TS/SCI level clearance

Accenture Federal Services is seeking an Information System Security Officer (ISSO) to support the security, compliance, and risk management of cloud-based information systems. This role focuses on implementing and maintaining security controls, supporting authorization activities and ensuring systems operate in accordance with established security standards and regulatory requirements.

What you’ll own:  

• Implement and manage security controls across cloud-based information systems
• Support system authorization activities (A&A) and continuous monitoring efforts
• Conduct security assessments and risk analyses to identify vulnerabilities and recommend mitigation strategies
• Review system configurations and security documentation to ensure compliance with established baselines
• Coordinate with system administrators and engineers to support secure system operations
• Analyze logs and monitoring tools to identify anomalies, threats, and security events

What you’ll deliver:  

• Systems that meet security requirements and maintain compliance with authorization standards
• Timely identification and remediation of vulnerabilities and security findings
• Accurate and complete security documentation supporting system authorization and audits
• Continuous monitoring activities that improve overall system security posture

Here's what you need:  

• 3 years of experience implementing security controls and managing cyber risk using RMF, JSIG, or ICD 503 frameworks
• 2 years of experience reviewing security documentation and conducting vulnerability assessments
• Experience supporting security implementation in cloud environments
• Bachelor's degree in Computer Science, Information Systems, Engineering, or related field, or 4+ years of relevant job or military experience in lieu of degree
• DoD 8140 compliance (e.g. Security+, CISSP, CASP, etc.)
• Ability to work on-site at Eglin Air Force Base or willingness to relocate

Bonus points if you have: 

• Experience with ACAS/Nessus scanning and remediation
• Experience with SIEM tools (e.g. Splunk) and log analysis
• Experience with system configuration management across Windows, Linux, or cloud environments
• Experience working in a DevSecOps or cloud-based environment
• Experience with Agile development methodologies, including Scrum and Kanban
• Experience with National Security systems and Air-Gapped Environments

Security Clearance:

Active Top-Secret Clearance, preferred with SCI eligibility. The position may require a polygraph examination

An ISSO will apply appropriate information security controls in accordance with system categorization, review and update security authorization documentation/artifacts in accordance with federal mandates and client policies and procedures, develop test plans and assessment reports in support of system authorization assessments, analyze vulnerability & compliance scan results to interpret risks to the client technology landscape, and track Plan of Actions and Milestones to closure. Specialist will specifically work on A&A activities support DoD Oracle Cloud Infrastructure (OCI) migration effort.

ISSO will be able to work independently on projects & tasks.

Basic Qualifications:

• 3+ years of working knowledge and experience with one or more of the following Federal security frameworks (FedRAMP, FISMA, Zero Trust Maturity Model, RMF, and NIST SP 800 series and NIST SP 800-53)
• GRC tools experience (e.g. XACTA, ArchAngel, eMASS, CSAM). 
• Experience with ACAS scans and mitigation and management of vulnerabilities
• Ability to identify potential threats, and create action plans using best practice
• Experience with NIST RMF and security controls

Preferred:

• Experience with DOD accreditation process
• Experience with eMASS tool
• Local to DC metro area
• Interim or Active Secret clearance required
• Bachelor’s Degree or equivalent experience

An A&A Specialist will apply appropriate information security controls in accordance with system categorization, review and update security authorization documentation/artifacts in accordance with federal mandates and client policies and procedures, develop test plans and assessment reports in support of system authorization assessments, analyze vulnerability & compliance scan results to interpret risks to the client technology landscape, and track Plan of Actions and Milestones to closure. Specialist will specifically work on A&A activities support DoD Oracle Cloud Infrastructure (OCI) migration effort.

An A&A Specialist will be able to work independently on projects & tasks.

Basic Qualifications:

• Interim or Active Secret clearance required
• Bachelor’s Degree or equivalent experience
• 5+ years of working knowledge and experience with one or more of the following Federal security frameworks (FedRAMP, FISMA, Zero Trust Maturity Model, RMF, and NIST SP 800 series and NIST SP 800-53)
• GRC tools experience (e.g. XACTA, ArchAngel, eMASS, CSAM)
• Experience with ACAS scans and mitigation and management of vulnerabilities
• Ability to identify potential threats, and create action plans using best practice
• Experience with NIST RMF and security controls

Preferred:

• Experience with DOD accreditation process
• Experience with eMASS tool
• Local to DC metro area

We are seeking an experienced Information Systems Security Officer to join our team near Cincinnati, OH to lead security oversight for our secure cloud platform implementations supporting government customers. This role ensures continuous compliance with federal security standards while enabling agile delivery of cloud infrastructure solutions in classified and sensitive environments.

What you’ll do:

• Security Program Leadership
  • Serve as primary security authority for secure cloud platform implementations
  • Develop and maintain Information System Security Plans (ISSP) for government systems
  • Lead security control assessments and continuous monitoring programs
  • Coordinate with government security officers, SCAs, ISSMs, and AOs for system authorization
• Risk Management & Compliance
  • Implement and maintain Risk Management Framework (RMF) processes
  • Conduct security control assessments using NIST 800-53 and DoD requirements
  • Manage Plan of Action & Milestones (POA&M) and security remediation efforts
  • Ensure continuous compliance with FedRAMP, FISMA, and DoD security standards and applicable overlays
• Cloud Security Architecture
  • Design security controls for multi-cloud and hybrid government environments
  • Implement cloud-native security solutions: encryption, IAM, network segmentation
  • Configure security monitoring and incident response capabilities
  • Validate security implementations against STIG and CIS benchmarks
• Security Integration & DevSecOps
  • Integrate security controls into CI/CD pipelines and Infrastructure as Code
  • Implement security automation and continuous compliance monitoring
  • Collaborate with engineering teams to embed security throughout delivery lifecycle
  • Conduct security reviews for cloud architecture and deployment patterns
• Documentation & Reporting
  • Maintain security documentation packages for government reviews and audits in defined systems including but not limited to eMass
  • Prepare security deliverables: SSP, SAR, security briefings, and compliance reports
  • Support security audits, assessments, and customer security reviews
  • Create security standards, procedures, and training materials
• Tools
  • Work in AWS GovCloud, Azure Government, or Oracle Cloud
  • Work with vulnerability scanners, SIEM, monitoring platforms
  • Handle Infrastructure as Code security: Terraform, CloudFormation security
  • Review container security: Kubernetes security, container scanning, runtime protection
  • Review network security: VPC design, firewalls, intrusion detection

What you’ll need:

• 5 years cybersecurity experience with government systems and cloud environments
• 3 years direct ISSO experience supporting federal programs or systems
• 3 years’ experience with risk management frameworks (RMF) and security control implementation
• 6 months of eMASS experience
• Experience with FedRAMP, FISMA, and/or DoD security compliance requirements

Bonus points if you have:

• CISSP, CISM, or GIAC certification
• CompTIA Security+ (current) or equivalent DoD 8570 IAT Level II certification required within 6 months of onboarding 
• AWS certification - Solutions Architect – Associate
• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field 
• Willing to work a hybrid schedule in Evandale, OH 

Security Clearance:

An active Secret level clearance is required; TS/SCI preferred