Applied Research Solutions
Information System Security Manager (ISSM)
Applied Research Solutions, Beavercreek, Ohio, United States
Information System Security Manager (ISSM)
Applied Research Solutions (ARS) is seeking a skilled ISSM to assist in the development and security hardening of a DevSecOps cloud environment to align with DoD RMF (NIST SP 800-53 r5) and CMMC 2.0 (NIST SP 800-171) security requirements.
The Information System Security Manager (ISSM) will lead the cybersecurity governance and compliance efforts for a DoD DevSecOps environment operating on an Azure-based cloud backbone. This role is responsible for overseeing the full lifecycle of Assessment and Authorization (A&A) activities, maintaining continuous Authority to Operate (ATO) compliance, and ensuring the accuracy, completeness, and integrity of all security artifacts within eMASS. The ISSM will develop, implement, and enforce cybersecurity policies, monitor control inheritance and system boundary changes, conduct risk assessments, and guide the engineering team in aligning system configurations with RMF controls, Zero Trust principles, and DoD Cloud SRG requirements. The successful candidate will provide strategic security leadership while ensuring that all technical decisions adhere to federal, DoD, and organizational security mandates.
The ISSM will serve as the primary liaison to government stakeholders, authorizing officials, mission partners, auditors, and cross-functional engineering teams. This role requires exceptional communication, documentation, and soft skills to translate complex security requirements into actionable guidance, manage expectations, and foster productive relationships across diverse technical and non-technical audiences. The ISSM will facilitate security briefings, coordinate remediation activities, lead collaboration with development and operations teams, and promote a strong security culture throughout the organization. The ideal candidate is a proactive, detail-oriented leader who brings both deep cybersecurity expertise and the interpersonal skills necessary to influence, educate, and drive secure outcomes in a dynamic DevSecOps environment.
Responsibilities
Develop and implement information security policies and procedures
Conduct risk assessments and vulnerability testing
Monitor and respond to security incidents and threats
Ensure compliance with industry standards and regulations
Manage security audits and assessments
Develop and deliver security awareness training to employees
Stay up-to-date with the latest security trends and technologies
Maintain working relationships with the ISO, AO, SCA, and other IS ISSMs
Other duties as assigned
Qualifications / Technical Experience Requirements
Must be a US citizen
Bachelor’s degree in cybersecurity, computer science, engineering, or related field (or equivalent experience)
5+ years of cybersecurity engineering experience, preferably supporting DoD, federal, or regulated environments
Hands‑on experience with Azure security tools, including Microsoft Defender suite, Sentinel, Purview, and Azure Policy
Strong knowledge of DevSecOps practices, CI/CD pipelines, and integrating security automation into development workflows
Deep understanding of DoD RMF, NIST SP 800‑53 Rev. 5 controls, and security assessment/evidence requirements
Experience implementing CMMC 2.0 or NIST SP 800‑171 controls, including documentation, continuous monitoring, and audit readiness
Proficiency in vulnerability management tools, remediation processes, and risk‑based prioritization
Familiarity with threat intelligence platforms, adversary TTP analysis, and building threat‑informed security detections
All positions at Applied Research Solutions are subject to background investigations. Employment is contingent upon successful completion of a background investigation including criminal history and identity check.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60‑741.5(a). This regulation prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60‑300.5(a). This regulation prohibits discrimination against qualified protected veterans, and requires affirmative action by covered contractors and subcontractors to employ and advance in employment qualified protected veterans.
#J-18808-Ljbffr
The Information System Security Manager (ISSM) will lead the cybersecurity governance and compliance efforts for a DoD DevSecOps environment operating on an Azure-based cloud backbone. This role is responsible for overseeing the full lifecycle of Assessment and Authorization (A&A) activities, maintaining continuous Authority to Operate (ATO) compliance, and ensuring the accuracy, completeness, and integrity of all security artifacts within eMASS. The ISSM will develop, implement, and enforce cybersecurity policies, monitor control inheritance and system boundary changes, conduct risk assessments, and guide the engineering team in aligning system configurations with RMF controls, Zero Trust principles, and DoD Cloud SRG requirements. The successful candidate will provide strategic security leadership while ensuring that all technical decisions adhere to federal, DoD, and organizational security mandates.
The ISSM will serve as the primary liaison to government stakeholders, authorizing officials, mission partners, auditors, and cross-functional engineering teams. This role requires exceptional communication, documentation, and soft skills to translate complex security requirements into actionable guidance, manage expectations, and foster productive relationships across diverse technical and non-technical audiences. The ISSM will facilitate security briefings, coordinate remediation activities, lead collaboration with development and operations teams, and promote a strong security culture throughout the organization. The ideal candidate is a proactive, detail-oriented leader who brings both deep cybersecurity expertise and the interpersonal skills necessary to influence, educate, and drive secure outcomes in a dynamic DevSecOps environment.
Responsibilities
Develop and implement information security policies and procedures
Conduct risk assessments and vulnerability testing
Monitor and respond to security incidents and threats
Ensure compliance with industry standards and regulations
Manage security audits and assessments
Develop and deliver security awareness training to employees
Stay up-to-date with the latest security trends and technologies
Maintain working relationships with the ISO, AO, SCA, and other IS ISSMs
Other duties as assigned
Qualifications / Technical Experience Requirements
Must be a US citizen
Bachelor’s degree in cybersecurity, computer science, engineering, or related field (or equivalent experience)
5+ years of cybersecurity engineering experience, preferably supporting DoD, federal, or regulated environments
Hands‑on experience with Azure security tools, including Microsoft Defender suite, Sentinel, Purview, and Azure Policy
Strong knowledge of DevSecOps practices, CI/CD pipelines, and integrating security automation into development workflows
Deep understanding of DoD RMF, NIST SP 800‑53 Rev. 5 controls, and security assessment/evidence requirements
Experience implementing CMMC 2.0 or NIST SP 800‑171 controls, including documentation, continuous monitoring, and audit readiness
Proficiency in vulnerability management tools, remediation processes, and risk‑based prioritization
Familiarity with threat intelligence platforms, adversary TTP analysis, and building threat‑informed security detections
All positions at Applied Research Solutions are subject to background investigations. Employment is contingent upon successful completion of a background investigation including criminal history and identity check.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60‑741.5(a). This regulation prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60‑300.5(a). This regulation prohibits discrimination against qualified protected veterans, and requires affirmative action by covered contractors and subcontractors to employ and advance in employment qualified protected veterans.
#J-18808-Ljbffr