General Dynamics Information Technology
Lead Information System Security Officer (ISSO)
General Dynamics Information Technology, Mc Lean, Virginia, us, 22107
Lead Information System Security Officer (ISSO)
GDIT is seeking a highly skilled and multi-faceted Lead Information System Security Officer (ISSO) for a critical contract role supporting this commercial Cloud Service Provider's mission‑critical systems in our McLean, VA office.
The ideal candidate is a proactive and seasoned professional with extensive, hands‑on experience navigating the FedRAMP, DOD Impact Level 6 (IL6), and Risk Management Framework (RMF) requirements for classified commercial cloud services and cross domain solutions. This role requires a unique blend of technical engineering prowess, security assessment and auditing skills, deep expertise in continuous monitoring, and the polish to communicate risk to executive leadership. You will be a key contributor to our Governance, Risk, and Compliance (GRC) program, supporting the Information System Security Manager (ISSM) in ensuring the unyielding security and integrity of mission‑critical systems.
Key Responsibilities RMF & Assessment and Authorization (A&A)
Lead A&A Execution: Shepherd complex cloud service offerings, and Cross Domain Solutions (CDS) as needed, through the entire respective FedRAMP/DOD IL6 and RMF lifecycle to obtain and maintain the applicable authorizations. This includes classified accreditations adhering to regulations like Raise the Bar (RTB) for CDS systems.
Documentation Mastery: Develop, author, and maintain a comprehensive body of evidence for A&A packages. This includes the FedRAMP/DOD IL6 authorization package and appendices, the DOD CDS authorization package requirements, and the IC joint test team authorization package requirements.
Continuous Monitoring & POAM Management: Take full ownership of the monthly and overall FedRAMP/DOD IL6, DOD CDS, and IC Continuous Monitoring requirements.
Compliance & Policy Adherence: Act as the primary technical interpreter of security requirements/controls, ensuring all network solutions and system architectures strictly adhere to mandates such as ICD 503, NIST SP 800‑53, CNSSI 1253, and all applicable DISA STIGs and SRGs.
Security Engineering & System Hardening
Technical Security Integration: Review system designs, network architectures, and proposed changes to ensure security principles are integrated from the ground up.
System Hardening & Configuration: Work with security engineering to implement and validate security controls, to ensure STIGs applied to operating systems, network devices, and applications.
Vulnerability Management: Work with security engineering to proactively identify and assess vulnerabilities using tools like Tenable Nessus. Work with system administrators to prioritize and track remediation efforts, ensuring compliance with established timelines.
Network Security & Architecture Review: Conduct in‑depth firewall rule reviews, analyze network architecture for security flaws, and manage Ports, Protocols, and Services Management (PPSM) submissions in alignment with Continuous Monitoring activities.
Security Control Assessor (SCA) & Auditing
Security Audits & Inspections: Conduct comprehensive security control audits, traditional security reviews, and formal inspections, including preparing for and executing FedRAMP/IL6 third‑party assessment organization (3PAO) assessments, DOD CDS assessments, and IC assessments. (Potential to support DCSA classified space assessments.)
Artifact & Evidence Review: Meticulously review artifacts, logs, and system configurations to ensure they provide sufficient evidence of compliance. Audit the work of ISSEs and system administrators to verify documentation and security posture.
Penetration Testing & Validation: Coordinate and/or participate in security testing and penetration testing activities to provide an independent validation of the system's security posture.
Continuous Monitoring & GRC
Develop & Manage ConMon Strategy: Design, implement, and manage a robust continuous monitoring program that provides near real‑time insight into the security posture of all accredited systems.
Security Data Analysis: Leverage tools like Splunk, Grafana, eMASS, Xacta, and ServiceNow to aggregate, analyze, and report on security data. Identify trends, anomalies, and potential incidents, providing actionable intelligence to the ISSM and leadership.
Risk Management: Perform formal risk assessments and analysis, identifying and documenting potential threats and vulnerabilities and recommending mitigating controls.
Incident Response Support: Enable the ISSM and the incident response team with artifacts, providing in‑depth system knowledge and security expertise during incident handling and analysis.
What You’ll Need to Succeed – Required
Citizenship:
Must be a U.S. Citizen.
Security clearance level:
Must possess a current and active TS/SCI with Polygraph.
Certification:
Current, active DoD 8140 certification (i.e. Security+ CE, CISA, CISSP).
Education:
BA/BS Degree or equivalent experience in lieu of degree.
Experience:
10+ years of related experience.
Technical Skills: A minimum of 5 years of direct, hands‑on experience as an ISSO, ISSM, or Auditor/Assessor.
Proven track record of successfully achieving and maintaining ATO for multiple classified systems under IL6, DoD RMF, and/or ICD 503 policies.
Progressive experience in Information Assurance and Cybersecurity roles.
Expert‑level knowledge of the complete NIST SP 800 series (especially 800‑37, 800‑53, 800‑30) and risk management principles.
Location:
Onsite at the classified operations center in McLean, VA.
Desired Qualifications
Certification:
Certified Information Systems Security Professional (CISSP) certification.
Technical Skills: Hands‑on experience with security and GRC tools such as ACAS (Tenable.sc/Nessus), Splunk, Grafana, ServiceNow, eMASS, and Xacta.
Deep understanding of network architecture, firewall configurations, and the PPSM process.
Understanding of Microsoft Active Directory and implementing controls via Group Policy.
CDS authorization processes and policies of the Intelligence Community (IC), Department of Defense (DoD), and SLED entities.
GDIT IS YOUR PLACE At GDIT, the mission is our purpose, and our people are at the center of everything we do.
Growth: AI‑powered career tool that identifies career steps and learning opportunities.
Support: An internal mobility team focused on helping you achieve your career goals.
Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off.
Community: Award‑winning culture of innovation and a military‑friendly workplace.
Own Your Opportunity Explore a career in cyber at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your focus on defending and protecting what matters.
The likely salary range for this position is $157,250 – $212,750. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Scheduled Weekly Hours: 40
Travel Required: None
Telecommuting Options: Onsite
Work Location: USA, VA, McLean
Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
#J-18808-Ljbffr
GDIT is seeking a highly skilled and multi-faceted Lead Information System Security Officer (ISSO) for a critical contract role supporting this commercial Cloud Service Provider's mission‑critical systems in our McLean, VA office.
The ideal candidate is a proactive and seasoned professional with extensive, hands‑on experience navigating the FedRAMP, DOD Impact Level 6 (IL6), and Risk Management Framework (RMF) requirements for classified commercial cloud services and cross domain solutions. This role requires a unique blend of technical engineering prowess, security assessment and auditing skills, deep expertise in continuous monitoring, and the polish to communicate risk to executive leadership. You will be a key contributor to our Governance, Risk, and Compliance (GRC) program, supporting the Information System Security Manager (ISSM) in ensuring the unyielding security and integrity of mission‑critical systems.
Key Responsibilities RMF & Assessment and Authorization (A&A)
Lead A&A Execution: Shepherd complex cloud service offerings, and Cross Domain Solutions (CDS) as needed, through the entire respective FedRAMP/DOD IL6 and RMF lifecycle to obtain and maintain the applicable authorizations. This includes classified accreditations adhering to regulations like Raise the Bar (RTB) for CDS systems.
Documentation Mastery: Develop, author, and maintain a comprehensive body of evidence for A&A packages. This includes the FedRAMP/DOD IL6 authorization package and appendices, the DOD CDS authorization package requirements, and the IC joint test team authorization package requirements.
Continuous Monitoring & POAM Management: Take full ownership of the monthly and overall FedRAMP/DOD IL6, DOD CDS, and IC Continuous Monitoring requirements.
Compliance & Policy Adherence: Act as the primary technical interpreter of security requirements/controls, ensuring all network solutions and system architectures strictly adhere to mandates such as ICD 503, NIST SP 800‑53, CNSSI 1253, and all applicable DISA STIGs and SRGs.
Security Engineering & System Hardening
Technical Security Integration: Review system designs, network architectures, and proposed changes to ensure security principles are integrated from the ground up.
System Hardening & Configuration: Work with security engineering to implement and validate security controls, to ensure STIGs applied to operating systems, network devices, and applications.
Vulnerability Management: Work with security engineering to proactively identify and assess vulnerabilities using tools like Tenable Nessus. Work with system administrators to prioritize and track remediation efforts, ensuring compliance with established timelines.
Network Security & Architecture Review: Conduct in‑depth firewall rule reviews, analyze network architecture for security flaws, and manage Ports, Protocols, and Services Management (PPSM) submissions in alignment with Continuous Monitoring activities.
Security Control Assessor (SCA) & Auditing
Security Audits & Inspections: Conduct comprehensive security control audits, traditional security reviews, and formal inspections, including preparing for and executing FedRAMP/IL6 third‑party assessment organization (3PAO) assessments, DOD CDS assessments, and IC assessments. (Potential to support DCSA classified space assessments.)
Artifact & Evidence Review: Meticulously review artifacts, logs, and system configurations to ensure they provide sufficient evidence of compliance. Audit the work of ISSEs and system administrators to verify documentation and security posture.
Penetration Testing & Validation: Coordinate and/or participate in security testing and penetration testing activities to provide an independent validation of the system's security posture.
Continuous Monitoring & GRC
Develop & Manage ConMon Strategy: Design, implement, and manage a robust continuous monitoring program that provides near real‑time insight into the security posture of all accredited systems.
Security Data Analysis: Leverage tools like Splunk, Grafana, eMASS, Xacta, and ServiceNow to aggregate, analyze, and report on security data. Identify trends, anomalies, and potential incidents, providing actionable intelligence to the ISSM and leadership.
Risk Management: Perform formal risk assessments and analysis, identifying and documenting potential threats and vulnerabilities and recommending mitigating controls.
Incident Response Support: Enable the ISSM and the incident response team with artifacts, providing in‑depth system knowledge and security expertise during incident handling and analysis.
What You’ll Need to Succeed – Required
Citizenship:
Must be a U.S. Citizen.
Security clearance level:
Must possess a current and active TS/SCI with Polygraph.
Certification:
Current, active DoD 8140 certification (i.e. Security+ CE, CISA, CISSP).
Education:
BA/BS Degree or equivalent experience in lieu of degree.
Experience:
10+ years of related experience.
Technical Skills: A minimum of 5 years of direct, hands‑on experience as an ISSO, ISSM, or Auditor/Assessor.
Proven track record of successfully achieving and maintaining ATO for multiple classified systems under IL6, DoD RMF, and/or ICD 503 policies.
Progressive experience in Information Assurance and Cybersecurity roles.
Expert‑level knowledge of the complete NIST SP 800 series (especially 800‑37, 800‑53, 800‑30) and risk management principles.
Location:
Onsite at the classified operations center in McLean, VA.
Desired Qualifications
Certification:
Certified Information Systems Security Professional (CISSP) certification.
Technical Skills: Hands‑on experience with security and GRC tools such as ACAS (Tenable.sc/Nessus), Splunk, Grafana, ServiceNow, eMASS, and Xacta.
Deep understanding of network architecture, firewall configurations, and the PPSM process.
Understanding of Microsoft Active Directory and implementing controls via Group Policy.
CDS authorization processes and policies of the Intelligence Community (IC), Department of Defense (DoD), and SLED entities.
GDIT IS YOUR PLACE At GDIT, the mission is our purpose, and our people are at the center of everything we do.
Growth: AI‑powered career tool that identifies career steps and learning opportunities.
Support: An internal mobility team focused on helping you achieve your career goals.
Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off.
Community: Award‑winning culture of innovation and a military‑friendly workplace.
Own Your Opportunity Explore a career in cyber at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your focus on defending and protecting what matters.
The likely salary range for this position is $157,250 – $212,750. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Scheduled Weekly Hours: 40
Travel Required: None
Telecommuting Options: Onsite
Work Location: USA, VA, McLean
Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
#J-18808-Ljbffr