Information System Security Officer (ISSO) - Senior
Job description
This isn't a checkbox ISSO seat. You'll serve as the primary security POC for classified information systems operating on JWICS - including AI/ML platforms that directly support warfighter capabilities. You'll partner with the ISSM and program leadership to maintain ATOs, drive RMF compliance, and provide hands-on security guidance to engineering teams building real-world mission tools. If you want your work to matter, this is the gig.
What You'll Do
- Own the security posture of assigned classified systems, including JWICS-hosted AI/ML platforms - continuous monitoring, not just annual reviews
- Develop, review, and maintain SSPs, SARs, and POA&Ms
- Lead ATO efforts under ICD 503, NIST RMF, and applicable IC directives
- Conduct vulnerability scans, security assessments, and compliance audits across assigned systems
- Monitor audit trails, system logs, and security events; triage and escalate incidents
- Coordinate with the ISSM to ensure security controls are implemented, tested, and documented
- Enforce STIGs, CIS Benchmarks, and configuration baselines across classified environments
- Advise development and engineering teams on integrating AI/ML capabilities into classified networks
- Maintain all A&A documentation and security artifacts in audit-ready condition
- Liaise directly with government ISSMs, AOs, and security personnel on all security matters

BOAB Ventures delivers advanced technology solutions in support of the U.S. defense and intelligence communities. Our teams work at the intersection of AI, data platforms, and mission-critical systems - solving hard problems that directly impact national security and warfighter readiness.
Requirements
- 7-10 years in information systems security, cybersecurity, or a related discipline within DoD, IC, or defense contractor environments
- Active TS/SCI clearance; ability to obtain CI Polygraph (prior CI Poly strongly preferred)
- Demonstrated experience supporting ATO processes under NIST RMF and ICD 503 in IC or DoD environments
- Proficiency with SIEMs, vulnerability scanners, and audit log analysis tools
- Familiarity with JWICS, cross-domain solutions, and classified network architectures
- Working knowledge of STIGs, SCAP, and configuration management in classified settings
- Current DoD 8570/8140 compliant certification: CISSP, Security+, CAP, or equivalent
Nice to Have
- Experience with AI/ML system security considerations in classified environments
- AWS GovCloud or Azure Government security experience
- Military Intelligence or IC background