Description
SAIC is seeking a motivated and skilled Senior Information Systems Security Officer (ISSO) to support cybersecurity and compliance activities for mission-critical IT systems on the MAJESTIC Joint Program Office (JPO) Team. In this role, the ISSO will be responsible for implementing, managing, and assessing system security controls to ensure compliance with government regulations, standards, and best practices, including NIST 800-53, RMF, and other federal security policies.
The ideal candidate will work closely with system owners, administrators, and cross-functional security teams to assess risks, maintain security postures, and ensure the confidentiality, integrity, and availability of information systems that support the mission. This role requires on-site support in Springfield, VA.
Key Responsibilities:
Ensure compliance with Risk Management Framework (RMF) requirements by developing, maintaining, and assessing system security artifacts, including System Security Plans (SSPs), POA&Ms, and applicable policies and procedures
Implement and validate security controls in alignment with NIST 800-53, associated overlays, and system-specific requirements
Support the Accreditation and Authorization (A&A) process, including preparing documentation and achieving and maintaining system Authority to Operate (ATO) status
Conduct risk assessments and vulnerability analysis, identify potential threats and weaknesses, and provide recommendations for mitigation
Work with IT teams to implement system hardening for platforms, applications, and networks in compliance with DISA STIGs and cybersecurity best practices
Perform continuous monitoring of systems using tools such as Splunk, ACAS, or SolarWinds, ensuring real-time threat detection, event notifications, and security compliance validation
Collaborate with cross-functional teams, including system administrators, developers, and ISSMs, to address security risks, system vulnerabilities, and security incidents
Support incident response activities by conducting forensic analysis, generating reports, and coordinating efforts to remediate and recover from security events
Provide cybersecurity awareness training for users and team members to ensure adherence to organizational security requirements and best practices
Prepare and deliver security status updates, risk reports, and briefings to senior stakeholders and leadership
Develop and maintain system documentation, including security control implementation descriptions, policies, and SOPs
Qualifications
Required Qualifications:
Education:
Bachelor's Degree
Certifications (CWF Requirements):
Candidates must satisfy Cybersecurity Workforce Framework (CWF) ID 511 (Cyber Defense Analyst) or 531 (Cyber Defense Auditor, Intermediate Level) requirements, as outlined by Navy COOL (https://www.cool.osd.mil/usn/cswf/index.htmlCWFModel)
This requirement can be met by possessing one or more of the following qualifying certifications:
Certified Ethical Hacker (CEH/Practical)
CompTIA Cloud+
CompTIA PenTest+
CompTIA Security+
Federal IT Security Professional-Operator-NG (FITSP-O)
GIAC Certified Enterprise Defender (GCED)
GIAC Continuous Monitoring Certification (GMON)
GIAC Defensible Security Architecture (GDSA)
GIAC Response and Industrial Defense (GRID)
GIAC Security Essentials Certification (GSEC)
GIAC Certified Incident Handler (GCIH)
Rocheston Certified Cybersecurity Engineer (RCCE) Level 1
Certified Cloud Security Professional (CCSP)
Cisco Certified Network Associate (CCNA) Cybersecurity (formerly Cisco Cybersecurity Associate)
EC-Council Certified Incident Handler (ECIH)
OR This requirement can be met through:
A Bachelor's Degree in Cybersecurity, Computer Science, IT, or a related field
Experience:
2-5 years of professional experience managing and supporting enterprise-level IT environments
Technical Skills:
Deep understanding of security frameworks, including NIST 800-53, RMF, and/or DoD 8510.01
Experience developing and maintaining System Security Plans (SSPs) and managing POA&Ms for compliance and audit purposes
Proficiency with vulnerability scanning tools and security analysis platforms, such as Nessus, ACAS, or Qualys
Knowledge of security controls implementation and system hardening using DISA STIGs or CIS Benchmarks for platforms and network-enabled devices
Familiarity with monitoring tools such as Splunk, SolarWinds, or other SIEM solutions for proactive security monitoring and incident management
Strong understanding of Windows Server and Active Directory security, including account policy configurations and group policy enforcement
Basic knowledge of Red Hat Enterprise Linux (RHEL) for security configurations and patching
General understanding of networking concepts, security configurations, and protocols (e.g., TCP/IP, VLANs, IPsec, firewalls)
Ability to conduct risk assessments, analyze vulnerabilities, and make actionable recommendations to remediate threats
Strong analytical and technical writing skills for maintaining security documentation, incident reports, and audit artifacts
Preferred Certifications (In Addition to CWF Requirements):
Certified Information Systems Security Professional (CISSP) or equivalent advanced certifications
Knowledge of continuous monitoring tools and automated compliance tracking systems
Familiarity with encryption standards, PKI infrastructures, and secure key management practices
Hands-on experience with virtualized environments and hyper-converged platforms, such as VMware or Nutanix
Familiarity with ITIL v4 frameworks for managing IT operations and processes
Clearance Requirement:
Active TS/SCI clearance with the ability to obtain and maintain a TS/SCI with Poly
Work Environment and Notes:
On-Site Work: All work must be conducted on-site in Springfield, VA
Program Scope: Supports on-premises enterprise IT environments, including virtualized Windows servers, MS SQL Server databases, and networking layers
Subcontractor Role: Responsibilities and compensation vary based on the subcontract agreement, with a competitive salary aligned to market rates and role-specific requirements
REQNUMBER: 2613010
SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability