Security Risk Management

Information System Security Officer (ISSO) – TS/SCI Full Scope Poly – Annapolis Junction, MD

Information System Security Officer (ISSO) – TS/SCI Full Scope Poly

📍 Location: Annapolis Junction, MD
🏢 Work Arrangement: 100% Onsite
💼 Employment Type: Full-Time
🔒 Security Clearance Required: Active TS/SCI with Full Scope Polygraph (NSA Preferred)
🇺🇸 Citizenship: U.S. Citizen Required
🚫 Visa Sponsorship: Not Available
🚚 Relocation Assistance: Available
💰 Compensation: $100,000 – $200,000 Base Salary

Overview

A leading government technology contractor is seeking Information System Security Officers (ISSOs) to support mission-critical classified programs within highly secure government environments.

This role is responsible for maintaining cybersecurity compliance throughout the Risk Management Framework (RMF) lifecycle, supporting system accreditation, continuous monitoring, vulnerability management, and ongoing cybersecurity operations.

The ideal candidate will possess strong RMF expertise, experience supporting classified environments, and the ability to work closely with System Administrators, System Owners, Information System Security Managers (ISSMs), Security Control Assessors, and Government stakeholders.

Key Responsibilities

Risk Management Framework (RMF)

  • Support the full RMF lifecycle for classified systems.

  • Develop and maintain RMF documentation and accreditation packages.

  • Coordinate Authority to Operate (ATO) activities.

  • Support security authorization and reauthorization efforts.

  • Ensure systems maintain compliance with cybersecurity requirements.

Security Compliance & Assessments

  • Conduct security control reviews and assessments.

  • Validate implementation of required security controls.

  • Monitor compliance against NIST and government standards.

  • Support internal and external cybersecurity audits.

Continuous Monitoring (ConMon)

  • Support ongoing Continuous Monitoring activities.

  • Review system configurations and compliance posture.

  • Analyze vulnerability findings and remediation efforts.

  • Track compliance status and corrective actions.

Vulnerability & Risk Management

  • Monitor vulnerabilities and security findings.

  • Coordinate remediation efforts with technical teams.

  • Assess risk and recommend mitigation strategies.

  • Support vulnerability management programs.

Stakeholder Collaboration

  • Work closely with:

    • System Administrators

    • System Owners

    • ISSMs

    • Security Control Assessors

    • Government Security Teams

  • Provide security guidance and compliance recommendations.

  • Support cybersecurity reviews and inspections.

Required Qualifications

Security Requirements

✔ Active TS/SCI Clearance

✔ Active Full Scope Polygraph (NSA Preferred)

✔ U.S. Citizenship Required

Cybersecurity & RMF Experience

Experience supporting:

  • Information Assurance (IA)

  • Cybersecurity Compliance

  • ISSO Functions

  • Classified Information Systems

Strong understanding of:

  • Risk Management Framework (RMF)

  • Authority to Operate (ATO)

  • Security Control Assessments

  • Continuous Monitoring (ConMon)

  • Risk Assessment Methodologies

RMF & Compliance Tools

Experience with one or more of:

  • LATTEART

  • XACTA

  • BISCOTTI

  • WATCHCAT

  • STE

Experience with:

  • Compliance scanning tools

  • Configuration assessment tools

  • Vulnerability management platforms

NIST Framework Knowledge

Strong familiarity with:

  • NIST SP 800-53 Rev. 3 and/or Rev. 5

  • NIST SP 800-37

  • Security Controls

  • RMF Documentation Requirements

Required Documentation Experience

Candidates should have experience creating, reviewing, or maintaining:

Security Documentation

  • System Security Plans (SSP)

  • Plans of Action & Milestones (POA&M)

  • Security Plan Findings (SPF)

  • Exception Documentation

Risk & Compliance Documentation

  • Risk Assessment Reports (RAR)

  • Security Assessment Reports (SAR)

  • Business Impact Assessments (BIA)

  • Configuration Management Plans (CMP)

  • Contingency Plans (CP)

  • After Action Reports (AAR)

Preferred Qualifications

Government & Classified Environment Experience

  • Classified Government systems

  • Security audits and inspections

  • Compliance reviews

  • Vulnerability remediation programs

Stakeholder Coordination

Experience coordinating with:

  • Authorizing Officials (AO)

  • Security Control Assessors (SCA)

  • ISSMs

  • System Owners

Technical Knowledge

  • Operating System Security

  • System Administration Concepts

  • Vulnerability Management

  • Configuration Management

Preferred Certifications

Highly desired certifications include:

  • CompTIA Security+

  • CISSP

  • CAP

  • CASP+

  • CISM

Must-Have Requirements

Clearance

✅ Active TS/SCI Clearance

✅ Active Full Scope Polygraph

Cybersecurity

✅ RMF Experience

✅ ATO Experience

✅ Continuous Monitoring (ConMon)

✅ Security Control Assessments

Documentation

✅ SSP Development

✅ POA&M Management

✅ Security Compliance Documentation

Soft Skills

✅ Strong Written Communication

✅ Strong Organizational Skills

✅ Risk-Based Decision Making

✅ Collaboration & Stakeholder Management

Screening Questions

  1. Do you currently hold an active TS/SCI clearance with a Full Scope Polygraph?

  2. Was your Full Scope Polygraph issued by NSA?

  3. When was your most recent Full Scope Polygraph completed?

  4. How many years of ISSO, Information Assurance, or Cybersecurity compliance experience do you have?

  5. Have you supported the full RMF lifecycle, including ATO activities?

  6. Which RMF compliance tools have you used (XACTA, LATTEART, BISCOTTI, WATCHCAT, STE)?

  7. Have you developed or maintained SSPs, POA&Ms, SARs, or RARs?

  8. What experience do you have with NIST 800-53 and NIST 800-37?

  9. Do you have experience supporting classified Government systems?

  10. Do you hold any cybersecurity certifications such as Security+, CISSP, CAP, CASP+, or CISM?

Ideal Candidate Profile

The ideal candidate will:

  • Hold an active TS/SCI Full Scope Polygraph.

  • Have strong ISSO or Information Assurance experience within classified environments.

  • Possess deep knowledge of RMF, ATO, and Continuous Monitoring processes.

  • Be highly detail-oriented and documentation-focused.

  • Have experience working with government cybersecurity compliance tools.

  • Understand vulnerability management and risk mitigation practices.

  • Effectively collaborate with technical and non-technical stakeholders.

  • Balance mission requirements with cybersecurity compliance obligations.

Candidate Snapshot

Requirement

Details

Clearance

Active TS/SCI + Full Scope Poly

Citizenship

U.S. Citizen

Experience Level

Mid-Level to Senior

Frameworks

RMF, NIST 800-53, NIST 800-37

Compliance

ATO, ConMon, Security Controls

Documentation

SSP, POA&M, SAR, RAR, CMP, CP

Tools

XACTA, LATTEART, BISCOTTI, WATCHCAT, STE

Certifications

Security+, CISSP, CAP, CASP+, CISM (Preferred)

Location

Annapolis Junction, MD

Work Arrangement

100% Onsite

Travel

None

Compensation

$100K – $200K

Relocation

Available

Why This Opportunity?

Mission Impact

Support highly classified national security programs and critical government systems.

Cybersecurity Leadership

Play a key role in accreditation, compliance, risk management, and cybersecurity governance activities.

Career Growth

Work alongside highly skilled cybersecurity professionals supporting some of the nation's most sensitive environments.

Excellent Benefits

  • 3 Weeks PTO

  • 11 Federal Holidays

  • Medical & Dental Coverage

  • Life Insurance

  • STD & LTD Coverage

  • 401(k) with Company Match

  • Long-Term Career Development

This opportunity is ideal for an ISSO, Information Assurance Analyst, Cybersecurity Compliance Analyst, RMF Analyst, Information Security Specialist, Security Control Assessor Support Specialist, or Cybersecurity Governance Professional with an active TS/SCI Full Scope Polygraph seeking to support mission-critical government programs.

 

Cyber-Physical Security Manager – Integrated Cyber & Physical Security | Kansas City

Cyber-Physical Security Manager

📍 Location: Kansas City, Missouri (Hybrid / Flexible WFH)
💼 Employment Type: Full-Time
✈️ Travel: Occasional
🎓 Education: Bachelor’s Degree Required
🚚 Relocation Assistance: Possible for the ideal candidate

Role Overview

This role sits at the intersection of cybersecurity, physical security, and smart infrastructure. As Cyber-Physical Security Manager, you will design, govern, and evolve integrated security systems that protect people, facilities, data, and operational technologies across corporate and project sites.

You’ll act as a technical authority and strategic advisor, translating cybersecurity frameworks into real-world physical and operational security solutions—while partnering closely with IT Security, SOC, Crisis Response, and facilities leadership.

What You’ll Own

  • Design & Architecture

    • Design scalable, resilient cyber-physical security architectures across corporate and project environments

    • Produce technical specifications for:

      • Access control systems

      • Intrusion detection

      • Video surveillance

      • ICS / OT / IoT and smart building technologies

  • Framework Translation & Compliance

    • Translate security frameworks (e.g. ISO 27001, NIST SP 800-82) into technical requirements, procedures, and standards

    • Ensure systems align with federal credentialing and critical infrastructure requirements

  • Risk & Resilience

    • Lead cyber-physical security risk assessments, aligned with enterprise information security risk methodologies

    • Identify vulnerabilities across IT, OT, and physical domains and define mitigation strategies

  • Security Operations & Monitoring

    • Partner with Security Operations Center (SOC), Crisis Management, and Emergency Response teams

    • Enhance monitoring, detection, and response capabilities across physical and cyber environments

    • Integrate physical security platforms with centralized monitoring workflows

  • Enterprise & Smart Building Integration

    • Lead integration of physical security systems with IT and OT platforms

    • Ensure smart building technologies comply with enterprise IT security policies and governance

  • Strategy & Program Development

    • Partner with IT Security leadership to define and execute cyber-physical security strategy

    • Develop and maintain:

      • Security programs

      • Standards & playbooks

      • Operating procedures & checklists

    • Proactively evolve security capabilities to address emerging threats

  • Vendor & Stakeholder Management

    • Own vendor relationships through detailed scopes of work and performance oversight

    • Evaluate and onboard new vendors in line with defined security and operational standards

    • Collaborate cross-functionally with facilities, office management, IT, and security teams

What We’re Looking For

  • 7–10+ years of experience across cyber security, physical security, or integrated security environments

  • Strong background designing and managing enterprise-scale security systems

  • Experience working with OT, ICS, IoT, or smart building technologies

  • Hands-on experience translating security frameworks into operational controls

  • Proven ability to work cross-functionally with IT, facilities, operations, and executive stakeholders

  • Strong documentation, governance, and program-building skills

  • Comfortable operating as both technical expert and strategic advisor

Nice to Have

  • Experience supporting SOC environments or security monitoring platforms

  • Background in critical infrastructure, construction, large facilities, or multi-site enterprises

  • Familiarity with vendor selection, RFPs, and managed security services

Compensation & Benefits

  • 💰 Base Salary: $107,000 – $134,000

  • Comprehensive benefits package including:

    • Medical, Dental, Vision Insurance

    • Paid Time Off

    • Retirement Plan

    • Flexible work arrangements

    • Relocation assistance (if applicable)

Additional Details

  • Security Clearance Required: No

  • Visa Sponsorship: Not available

  • Work Model: Hybrid / Flexible WFH

  • Employment Type: Full-Time

Ideal Candidate Profile

  • Strategic thinker with hands-on technical depth

  • Comfortable owning end-to-end security programs

  • Collaborative, detail-oriented, and proactive

  • Passionate about protecting people, assets, and systems in complex, real-world environments

 

Cyber Security Engineering & Support Manager | Vulnerability Management | Pittsburgh, PA | $120K–$140K + Bonus

Cyber Security Engineering & Support Manager

📍 Location: Pittsburgh, PA (Onsite – no remote options)
💼 Employment Type: Full-time
💵 Salary: $120,000 – $140,000 annually + bonus eligibility
🎯 Experience Level: Mid-Senior (7–10 years)

About the Role

This role leads a dedicated cybersecurity engineering and support team focused on protecting enterprise technologies and infrastructure across IT and manufacturing environments. You’ll oversee the deployment and lifecycle management of enterprise security tools, direct the vulnerability management program, and provide critical cybersecurity risk analytics to support strategic decision-making.

Reporting directly to the Chief Information Security Officer, you’ll be responsible for ensuring secure, scalable solutions across global operations while managing a skilled technical team.

Key Responsibilities

  • Lead and manage the Security Engineering & Support team, including staff development and budget oversight.

  • Deploy, support, and optimize enterprise security technologies across IT, end-user, and cybersecurity environments.

  • Own and execute the organization’s vulnerability management strategy, reducing attack surfaces and strengthening resilience.

  • Develop and deliver cybersecurity risk dashboards with actionable KPIs and KRIs.

  • Oversee operational security functions such as privileged access provisioning and IT compliance support.

  • Partner with business units and OT teams (e.g., PLCs, SCADA, HMIs) to align secure solutions with plant-level and enterprise objectives.

  • Collaborate across the business to integrate security with enterprise architecture, applications, and eCommerce platforms.

Required Qualifications

  • Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related field.

  • 7+ years of experience in IT, infrastructure, or cybersecurity.

  • Proven experience leading vulnerability management programs.

  • Must be a U.S. citizen, lawful permanent resident, or otherwise eligible to access controlled technology under ITAR/EAR regulations.

Preferred Qualifications

  • 2+ years of management experience leading IT or cybersecurity professionals.

  • Experience managing departmental budgets.

  • Background in manufacturing or production environments.

  • Expertise in systems engineering, application security, and security operations.

  • Active security certifications such as CISSP, CISM, CISA, or Security+.

  • Master’s degree in cybersecurity, engineering, or related field.

Ideal Candidate Profile

  • Strong leadership skills with a proven ability to guide cross-functional teams.

  • Skilled in budget management and process optimization.

  • Excellent interpersonal and communication skills for engaging both technical and non-technical stakeholders.

  • Hands-on experience in manufacturing or production IT environments is highly desirable.

Compensation & Benefits

  • Base Salary: $120,000 – $140,000 per year

  • Bonus Eligible

  • Comprehensive benefits package (medical, dental, vision, retirement, life insurance, etc.)

  • Paid time off and holidays

  • Professional development opportunities

👉 This is a strategic cybersecurity leadership opportunity for a professional ready to drive enterprise-wide security programs while directly influencing resilience and risk management.