Senior Information Systems Security Officer

SAIC is seeking a motivated and skilled Senior Information Systems Security Officer (ISSO) to support cybersecurity and compliance activities for mission-critical IT systems on the MAJESTIC Joint Program Office (JPO) Team . In this role, the ISSO will be responsible for implementing, managing, and assessing system security controls to ensure compliance with government regulations, standards, and best practices, including NIST 800-53 , RMF , and other federal security policies.

The ideal candidate will work closely with system owners, administrators, and cross-functional security teams to assess risks, maintain security postures, and ensure the confidentiality, integrity, and availability of information systems that support the mission. This role requires on-site support in Springfield, VA ., * Ensure compliance with Risk Management Framework (RMF) requirements by developing, maintaining, and assessing system security artifacts, including System Security Plans (SSPs), POA&Ms, and applicable policies and procedures

• Implement and validate security controls in alignment with NIST 800-53, associated overlays, and system-specific requirements
• Support the Accreditation and Authorization (A&A) process, including preparing documentation and achieving and maintaining system Authority to Operate (ATO) status
• Conduct risk assessments and vulnerability analysis, identify potential threats and weaknesses, and provide recommendations for mitigation
• Work with IT teams to implement system hardening for platforms, applications, and networks in compliance with DISA STIGs and cybersecurity best practices
• Perform continuous monitoring of systems using tools such as Splunk, ACAS, or SolarWinds, ensuring real-time threat detection, event notifications, and security compliance validation
• Collaborate with cross-functional teams, including system administrators, developers, and ISSMs, to address security risks, system vulnerabilities, and security incidents
• Support incident response activities by conducting forensic analysis, generating reports, and coordinating efforts to remediate and recover from security events
• Provide cybersecurity awareness training for users and team members to ensure adherence to organizational security requirements and best practices
• Prepare and deliver security status updates, risk reports, and briefings to senior stakeholders and leadership
• Develop and maintain system documentation, including security control implementation descriptions, policies, and SOPs

• Bachelor's Degree, * Candidates must satisfy Cybersecurity Workforce Framework (CWF) ID 511 (Cyber Defense Analyst) or 531 (Cyber Defense Auditor, Intermediate Level) requirements, as outlined by Navy COOL (https://www.cool.osd.mil/usn/cswf/index.html?CWFModel)
• This requirement can be met by possessing one or more of the following qualifying certifications:
• Certified Ethical Hacker (CEH/Practical)
• CompTIA Cloud+ CompTIA PenTest+ CompTIA Security+ Federal IT Security Professional-Operator-NG (FITSP-O)
• GIAC Certified Enterprise Defender (GCED)
• GIAC Continuous Monitoring Certification (GMON)
• GIAC Defensible Security Architecture (GDSA)
• GIAC Response and Industrial Defense (GRID)
• GIAC Security Essentials Certification (GSEC)
• GIAC Certified Incident Handler (GCIH)
• GIAC Security Essentials Certification (GSEC)
• Rocheston Certified Cybersecurity Engineer (RCCE) Level 1
• Certified Cloud Security Professional (CCSP)
• Cisco Certified Network Associate (CCNA) Cybersecurity (formerly Cisco Cybersecurity Associate)
• EC-Council Certified Incident Handler (ECIH)
• Federal IT Security Professional-Operator-NG (FITSP-O)
• OR This requirement can be met through:
• A Bachelor's Degree in Cybersecurity, Computer Science, IT, or a related field

Experience:

• 2-5 years of professional experience managing and supporting enterprise-level ITenvironments

Technical Skills:

• Deep understanding of security frameworks, including NIST 800-53, RMF, and/or DoD 8510.01
• Experience developing and maintaining System Security Plans (SSPs) and managing POA&Ms for compliance and audit purposes
• Proficiency with vulnerability scanning tools and security analysis platforms, such as Nessus, ACAS, or Qualys
• Knowledge of security controls implementation and system hardening using DISA STIGs or CIS Benchmarks for platforms and network-enabled devices
• Familiarity with monitoring tools such as Splunk, SolarWinds, or other SIEM solutions for proactive security monitoring and incident management
• Strong understanding of Windows Server and Active Directory security, including account policy configurations and group policy enforcement
• Basic knowledge of Red Hat Enterprise Linux (RHEL) for security configurations and patching
• General understanding of networking concepts, security configurations, and protocols (e.g., TCP/IP, VLANs, IPsec, firewalls)
• Ability to conduct risk assessments, analyze vulnerabilities, and make actionable recommendations to remediate threats
• Strong analytical and technical writing skills for maintaining security documentation, incident reports, and audit artifacts

Preferred Certifications (In Addition to CWF Requirements):

• Certified Information Systems Security Professional (CISSP) or equivalent advanced certifications
• Knowledge of continuous monitoring tools and automated compliance tracking systems
• Familiarity with encryption standards, PKI infrastructures, and secure key management practices
• Hands-on experience with virtualized environments and hyper-converged platforms, such as VMware or Nutanix
• Familiarity with ITIL v4 frameworks for managing IT operations and processes

Clearance Requirement:

• Active TS/SCI clearance with the ability to obtain and maintain a TS/SCI with Poly, * Program Scope: Supports on-premises enterprise IT environments, including virtualized Windows servers, MS SQL Server databases, and networking layers

• Subcontractor Role: Responsibilities and compensation vary based on the subcontract agreement, with a competitive salary aligned to market rates and role-specific requirements

SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability