Senior Information Systems Security Officer

Tharros Defense, Inc.
Washington, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Washington, United States of America

Tech stack

Xacta
Microsoft Windows
Agile Methodologies
Amazon Web Services (AWS)
Audit Trail
Azure
Cloud Computing
Cloud Computing Security
Software Documentation
Computer Security
Information Systems
Linux
Open Source Technology
Smartsuite
Security Content Automation Protocol
Security Software
HybridCloud
Gitlab
Splunk
Devsecops
Plan of Action and Milestones
Vulnerability Analysis

Job description

Tharros is seeking a Senior Information Systems Security Officer to support a DHS Intelligence and Analysis cybersecurity program in the National Capital Region.

This role will support ISSO operations across a complex Federal cybersecurity environment, including Assessment and Authorization, continuous monitoring, ATO package maintenance, POA&M management, security artifact quality, cloud and hybrid system support, and cybersecurity compliance. The ideal candidate is a hands-on ISSO who can maintain accurate authorization evidence, coordinate with technical teams, and help keep mission systems secure, compliant, and authorization-ready., * Perform ISSO duties for assigned Federal information systems.

  • Support RMF activities, including system categorization, control implementation support, assessment readiness, authorization package maintenance, and ongoing monitoring.
  • Develop, review, validate, and maintain security artifacts such as SSPs, POA&Ms, risk exceptions, contingency plans, privileged user documentation, and privacy-related artifacts.
  • Create, maintain, and monitor ATO packages in GRC tools.
  • Support POA&M development, validation, remediation tracking, exception documentation, closure, and reporting.
  • Collaborate with system owners, ISSOs, ISSMs, developers, engineers, assessors, and other stakeholders to address vulnerabilities, security findings, and remediation actions.
  • Review vulnerability scan results and support recurring continuous monitoring activities.
  • Support audit log review, alert response, and documentation of follow-up actions.
  • Ensure assigned systems remain aligned with applicable cybersecurity policies, procedures, and decommissioning requirements.
  • Support quarterly cybersecurity performance and compliance reporting.
  • Provide ISSO support across hybrid environments, including classified and unclassified on-premise systems, cloud-based systems, DevSecOps environments, and agile development teams.
  • Support security for operating systems and technologies including Linux, Windows, open-source operating systems, and cloud platforms.
  • Support Cross Domain Solution security governance, assessment, and authorization activities.
  • Help improve ISSO workflows, evidence management, POA&M tracking, continuous monitoring, and risk reporting through automation and repeatable processes.
  • Translate compliance status, vulnerability data, and remediation progress into clear updates for technical and leadership stakeholders.

Requirements

  • Active TS/SCI
  • 10+ years of related cybersecurity experience.
  • At least 2 years of recent experience in A&A, FISMA compliance, IC cybersecurity policy and standards, continuous monitoring, CDS, and secure cloud and hybrid engineering.
  • Experience applying NIST 800 series, CNSSI 1253, security controls, and RMF principles.
  • Experience with emerging security risk management practices, including automation of A&A and continuous monitoring activities.
  • CISM, CAP, or GRC certification, or comparable demonstrable experience.
  • Experience developing, reviewing, or maintaining SSPs, POA&Ms, risk exceptions, contingency plans, privileged user documentation, ATO packages, and continuous monitoring evidence.
  • Experience working with GRC tools and coordinating with technical teams to remediate vulnerabilities and maintain authorization readiness.
  • Strong written and verbal communication skills.
  • Ability to work onsite at a Government-approved location as required.

Preferred Qualifications:

  • Prior DHS, Intelligence Community, DoD, CISO office, ISSM, AO, SCA, or national security ISSO experience.
  • Experience supporting large ISSO portfolios, classified systems, hybrid cloud environments, DevSecOps evidence collection, continuous monitoring, and audit readiness.
  • Experience with Archer, eMASS, Xacta, ACAS, Tenable.sc, Splunk, GitLab, Axonius, STIG/SCAP validation, or related Federal cybersecurity tools.
  • Experience with AWS, Microsoft Azure, Microsoft 365, or other cloud platforms.
  • Experience supporting TS/SCI, SCIF, cross-domain, or secure mission environments.

About the company

Tharros combines extensive cyber defense knowledge with the world's preeminent vulnerability expertise to identify and defend against attacks before they become problems. Working at mission speed, we harden mission systems faster and secure them for longer, so agencies never lose the mission edge. Tharros lifts the veil of enterprise cybersecurity to detect zero days before they affect you, enabling mission maneuverability and the confidence to move missions forward. In the ever-evolving realm of cyberspace, we are dedicated to becoming the paramount defender in the 5th warfighting domain. By pioneering innovative security solutions and fostering an environment of continuous learning and vigilance, we aim to protect the interests of our nation's security. Our commitment to excellence in cybersecurity will establish new benchmarks, transforming the digital landscape into a secure and thriving frontier for future generations.

Apply for this position