
Information System Security Officer
Dragonfli Group
full-time
Posted on:
Location Type: Remote
Location: United States
About the role
- Execute and maintain all RMF lifecycle activities for assigned federal information systems: categorization, control selection, implementation, assessment, authorization, and continuous monitoring
- Develop, maintain, and update system security documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and Authorization to Operate (ATO) packages
- Coordinate with Information System Owners (ISOs), Authorizing Officials (AOs), and Security Control Assessors (SCAs) to drive ATO decisions on schedule
- Monitor security controls on an ongoing basis; identify, document, and track deviations and vulnerabilities to closure
- Conduct and support continuous monitoring activities including log review, vulnerability scan analysis, and configuration compliance validation
- Support incident response activities including documentation, escalation, and remediation tracking
- Maintain system inventory, hardware/software baselines, and interconnection agreements
- Ensure compliance with applicable federal directives including FISMA, OMB A-130, and agency-specific security policies
- Participate in security reviews, audits, and inspections as required
Requirements
- 1-3 years of direct ISSO or ISSO-support experience in a US Federal environment
- Hands-on experience with NIST RMF (SP 800-37) and NIST SP 800-53 security controls
- Demonstrated ability to develop and maintain ATO documentation packages independently
- Familiarity with federal compliance tools such as eMASS, Xacta, or equivalent GRC platforms
- Strong written communication skills; federal documentation standards experience required
Benefits
- Insurance - health, dental, and vision
- PTO & Federal Holidays (paid)
- 401(k) match
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
- NIST RMF
- NIST SP 800-37
- NIST SP 800-53
- security documentation
- vulnerability scan analysis
- configuration compliance validation
- incident response
- security controls monitoring
- ATO documentation
- risk management
Soft Skills
- strong written communication
- organizational skills
- collaboration
- attention to detail
- problem-solving