Ibis Public Sector

Cybersecurity, ISSO SME

Information Systems Security Officer responsible for managing cybersecurity compliance in a DoD environment. Leading Risk Management Framework activities and mentoring cybersecurity analysts.

Posted 4/25/2026 • full-time • Remote • 🇺🇸 United States • Mid-Level, Senior • 💰 $185,000 - $200,000 per year

Tech Stack

Tools & technologies
AWS, Cloud, Cyber Security, Oracle, Splunk

About the role

Key responsibilities & impact
  • Serve as the Information System Security Officer (ISSO) for a DoD enterprise infrastructure operating on Oracle Cloud Infrastructure (OCI), ensuring systems maintain valid ATOs and ATCs.
  • Lead and execute all RMF lifecycle activities, including SSP development and maintenance, Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms), and control assessments within eMASS.
  • Conduct continuous monitoring of cybersecurity controls aligned with NIST SP 800-53, DISA STIGs, FISMA, and DoDI 8510.01, maintaining systems in a constant state of compliance.
  • Oversee weekly STIG and vulnerability reporting, IAVM compliance coordination, and vulnerability remediation prioritization in adherence to JFHQ-DODIN timelines (Critical ≤7 days, High ≤21 days).
  • Manage and update POA&Ms within 10 business days of changes; submit monthly POA&M reports to stakeholders and integrate remediation tasks into Agile development workflows.
  • Direct and mentor the Junior Cybersecurity Analyst, delegating and reviewing vulnerability reporting, compliance documentation, and audit support activities.
  • Coordinate directly with the DMDC Authorizing Official (AO), ISSM, NIWC, and CSSP providers to support audits, CORA assessments, DoD IG reviews, and penetration testing activities.
  • Develop and maintain Privacy Impact Assessments (PIAs) and System of Record Notices (SORNs) in accordance with DoD privacy requirements.
  • Integrate cybersecurity scanning tools (ACAS/Nessus, Fortify SCC, OpenSCAP, Fortify, SonarQube) into CI/CD pipelines, enforcing shift-left security practices within the DevSecOps framework.
  • Maintain eMASS documentation including control implementation evidence, STIG checklists, and scan results mapped to applicable security controls.

Requirements

What you’ll need
  • Active DoD 8570 IAM Level II or III certification required; acceptable certifications include CISSP, CAP, CISM, GSLC, or CCISO.
  • DoD 8570 IAT Level II baseline certification (e.g., Security+ CE, CCNA Security, CySA+) required.
  • 5+ years of experience in DoD cybersecurity, with demonstrated expertise implementing the Risk Management Framework (RMF) and managing ATOs in eMASS.
  • Deep knowledge of NIST SP 800-53/800-37, DISA STIGs, FISMA, DoDI 8510.01, and JFHQ-DODIN vulnerability remediation timelines.
  • Hands-on experience with cybersecurity tools including ACAS (Nessus), Fortify SCC, OpenSCAP, Splunk, SAST/DAST scanning tools, and Cloud Guard.
  • Experience operating in OCI, AWS, or equivalent cloud environments within a DoD authorization boundary.
  • Ability to work within a multi-organization access architecture (e.g., DMDC, DISA JSP, CSP) and coordinate cross-boundary incident response and compliance activities.
  • Strong written and verbal communication skills; ability to brief senior Government stakeholders and produce high-quality compliance documentation.
  • Must be able to obtain and maintain a Public Trust clearance.

Benefits

Comp & perks
  • Flexible time off for vacation and personal time.
  • Participation in the firm’s Benefits Program including medical, dental, vision, life, group voluntary benefits, individual voluntary benefits, short-term disability, flexible spending accounts and parental leave benefits.
  • Other miscellaneous benefits like Short-Term and Long-Term Disability at no cost, company-covered Life Insurance, access to group legal services, identity theft protection through LifeKeys services, etc.
  • After three months of service, you can join the company's 401(k) plan. The company contributes 3% of your salary even if you don't contribute. The company additionally matches your savings dollar for dollar up to 1% of your pay, giving you a total of 5% when you contribute 1%. You must contribute at least 1% to get the additional 1% match from the company.

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Risk Management Framework (RMF), cybersecurity controls, vulnerability remediation, Privacy Impact Assessments (PIAs), System of Record Notices (SORNs), continuous monitoring, ATO management, compliance documentation, DevSecOps, Agile development
Soft Skills
leadership, mentoring, communication, collaboration, organizational skills
Certifications
DoD 8570 IAM Level II, CISSP, CAP, CISM, GSLC, CCISO, DoD 8570 IAT Level II, Security+ CE, CCNA Security, CySA+