Information System Security Officer (ISSO)

CYBERSECURITY ARCHITECT SR PRINCIPAL

We are seeking a highly skilled and multi-faceted Information System Security Officer (ISSO) for a critical contract role supporting this commercial Cloud Service Provider's mission-critical systems. The ideal candidate is a proactive and seasoned professional with extensive, hands-on experience navigating the FedRAMP, DOD Impact Level 6 (IL6), and Risk Management Framework (RMF) requirements for classified commercial cloud services and cross domain solutions. This role requires a unique blend of technical engineering prowess, security assessment and auditing skills, deep expertise in continuous monitoring, and the polish to communicate risk to executive leadership. You will be a key contributor to our Governance, Risk, and Compliance (GRC) program, supporting the Information System Security Manager (ISSM) in ensuring the unyielding security and integrity of mission-critical systems.

The ISSO will be directly responsible for the following key areas:
1. RMF & Assessment and Authorization (A&A)

• Lead A&A Execution: Shepherd complex cloud service offerings, and Cross Domain Solutions (CDS) as needed, through the entire respective FedRAMP/DOD IL6 and RMF lifecycle to obtain and maintain the applicable authorizations. This includes classified accreditations adhering to regulations like Raise the Bar (RTB) for CDS systems.
• Documentation Mastery: Develop, author, and maintain a comprehensive body of evidence for A&A packages. This includes the FedRAMP/DOD IL6 authorization package and appendices, the DOD CDS authorization package requirements, and the IC joint test team authorization package requirements.
• Continuous Monitoring & POAM Management: Take full ownership of the monthly and overall FedRAMP/DOD IL6, DOD CDS, and IC Continuous Monitoring requirements.
• Compliance & Policy Adherence: Act as the primary technical interpreter of security requirements/controls, ensuring all network solutions and system architectures strictly adhere to mandates such as ICD 503, NIST SP 800-53, CNSSI 1253, and all applicable DISA STIGs and SRGs.

2. Security Engineering & System Hardening

• Technical Security Integration: Review system designs, network architectures, and proposed changes to ensure security principles are integrated from the ground up.
• System Hardening & Configuration: Work with security engineering to implement and validate security controls, to ensure STIGs applied to operating systems, network devices, and applications.
• Vulnerability Management: Work with security engineering to proactively identify and assess vulnerabilities using tools like Tenable Nessus. Work with system administrators to prioritize and track remediation efforts, ensuring compliance with established timelines.
• Network Security & Architecture Review: Conduct in-depth firewall rule reviews, analyze network architecture for security flaws, and manage Ports, Protocols, and Services Management (PPSM) submissions in alignment with Continuous Monitoring activities.

3. Security Control Assessor (SCA) & Auditing

• Security Audits & Inspections: Conduct comprehensive security control audits, traditional security reviews, and formal inspections, including preparing for and executing FedRAMP/IL6 third-party assessment organization (3PAO) assessments, DOD CDS assessments, and IC assessments. (Potential to support DCSA classified space assessments.)
• Artifact & Evidence Review: Meticulously review artifacts, logs, and system configurations to ensure they provide sufficient evidence of compliance. Audit the work of ISSEs and system administrators to verify documentation and security posture.
• Penetration Testing & Validation: Coordinate and/or participate in security testing and penetration testing activities to provide an independent validation of the system's security posture.

4. Continuous Monitoring & GRC

• Develop & Manage ConMon Strategy: Design, implement, and manage a robust continuous monitoring program that provides near real-time insight into the security posture of all accredited systems.
• Security Data Analysis: Leverage tools like Splunk, Grafana, eMASS, Xacta, and ServiceNow to aggregate, analyze, and report on security data. Identify trends, anomalies, and potential incidents, providing actionable intelligence to the ISSM and leadership.
• Risk Management: Perform formal risk assessments and analysis, identifying and documenting potential threats and vulnerabilities and recommending mitigating controls.
• Incident Response Support: Enable the ISSM and the incident response team with artifacts, providing in-depth system knowledge and security expertise during incident handling and analysis.

WHAT YOU'LL NEED TO SUCCEED
Bring your cyber expertise and drive for innovation to GDIT. The Cybersecurity Architect Sr Principal must have:

• Education: BA/BS Degree or equivalent experience in lieu of degree
• Experience: 10+ years of related experience

• Technical skills: Progressive experience in information assurance and cybersecurity roles. A minimum of 5 years of direct, hands-on experience as an ISSO or ISSM, with a proven track record of successfully achieving and maintaining ATO for multiple classified systems under IL6, DoD RMF, and/or ICD 503 policies.

• Security clearance level: Must be a U.S. Citizen. Must possess a current and active Top Secret (Sensitive Compartmented Information [SCI] eligibility). Additionally, personnel agree to be submitted for Full-Scope Polygraph (FSP) for potential hands-on, independent activities. However, requirement is Top Secret, and if FSP cannot be adjudicated, personnel will not be impacted and will continue to work on activities where the FSP was never required.

• Location: Onsite at the classified operations center in McLean, VA.

• Role requirements: Expert-level knowledge of the complete NIST SP 800 series (especially 800-37, 800-53, 800-30) and risk management principles.

• Certifications: Must be DoD 8140 / 8570.01-M compliant. A CISSP (Certified Information Systems Security Professional) is strongly preferred and considered the baseline.

• Desired:

• Hands-on experience with security and GRC tools such as ACAS (Tenable.sc/Nessus), Splunk, Grafana, ServiceNow, eMASS, and Xacta.
• Deep understanding of network architecture, firewall configurations, and the PPSM process.
• Understanding of Microsoft Active Directory and implementing controls via Group Policy.
• CDS authorization processes and policies of the Intelligence Community (IC), Department of Defense (DoD), and SLED entities.

GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.
• Growth: AI-powered career tool that identifies career steps and learning opportunities
• Support: An internal mobility team focused on helping you achieve your career goals
• Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
• Community: Award-winning culture of innovation and a military-friendly workplace

OWN YOUR OPPORTUNITY
Explore a career in cyber at GDIT and you'll find endless opportunities to grow alongside colleagues who share your focus on defending and protecting what matters.

Work Requirements