We are an employee-centric company that truly values our team members and the contributions they make to our customers and the missions they support. We pride ourselves on being forward-leaning thinkers and on building teams that are and continue to be technically proficient across a broad range of cyber mission areas. OneZero full-time employees receive a highly competitive benefits package including health dental vision and life insurance a 401(k) with company matching paid time off and holidays an employee referral program and educational assistance.Additional details are available on our website: Title: Information System Security Officer (ISSO)
Location: On-site in a SCIF in the National Capital Region (NCR) Nebraska Avenue Complex Washington DC (work locations transitioning to ICCB Bethesda / St. Elizabeths). Telework is not authorized; a designated Key Person must be available on-site during core hour
Clearance: TS/SCI
Job Summary:
Serve as the primary security point of contact for assigned systems coordinating daily with system owners ISSMs ISSEs program managers and government stakeholder. Prepare and deliver regular security status reports covering system compliance posture open POA&M items continuous monitoring results and outstanding risks. Brief system owners and program leadership on security findings risk decisions and authorization status changes.
Education and Experience:
Bachelors degree in Cybersecurity Information Technology Computer Science Information Systems or a closely related field
58 years of total cybersecurity or information assurance experience with demonstrated depth across the following disciplines:
3 years serving as an ISSO or equivalent role supporting federal DHS or IC programs
3 years supporting RMF activities including SSP development security control assessment continuous monitoring and POA&M management
2 years working in classified environments at the TS/SCI level including handling storage and processing of classified information in accordance with applicable security policies
2 years supporting or assessing Cross Domain Solutions (CDS) including data transfer validation CDS policy enforcement and coordination with accreditation authorities
2 years supporting AI or data-intensive system assessments with working knowledge of the unique security considerations for Generative AI systems including data integrity model security prompt injection risks and output validation
Working knowledge of applicable federal security frameworks including NIST 800-53 NIST 800-137 ICD 503 CNSSI 1253 and DHS security policy
Familiarity with Archer GRC or equivalent governance risk and compliance platforms for control tracking and assessment documentation
Experience coordinating directly with ISSMs ISSEs system owners and Authorizing Officials on security authorization and compliance matters
Certifications: Security CISSP CISM CAP or equivalent
Essential Duties:
Monitor and maintain the security posture of assigned TS/SCI systems CDS and Generative AI platforms ensuring continuous compliance with applicable security requirements and authorization conditions
Conduct ongoing review of system configurations user access audit logs and security controls to detect deviations anomalies and potential vulnerabilities
Perform continuous monitoring activities in accordance with NIST 800-137 and program-specific continuous monitoring strategies including control assessments log reviews and security metric reporting
Track and report security-relevant changes to assigned systems assessing the impact of changes on system authorization status and initiating re-assessment activities as
Support and coordinate vulnerability scanning patch compliance tracking and remediation validation across assigned systems including AI infrastructure and CDS components
Maintain awareness of the evolving threat landscape as it pertains to Generative AI systems including emerging risks such as prompt injection model poisoning dataexfiltration through AI outputs and adversarial inputs
Develop maintain and update complete RMF authorization packages including System Security Plans (SSP) Security Assessment Reports (SAR) Plans of Action and Milestones (POA&M) Interconnection Security Agreements (ISA) and supporting artifacts
Ensure all CDS-specific documentation requirements are met including data transfer validation records CDS accreditation artifacts and coordination with the Authorizing Official and relevant accreditation bodies
Document AI-specific security considerations within authorization packages including model provenance training data controls input/output validation mechanisms and Generative AI-specific risk acceptance decisions
Coordinate with ISSEs and system architects to ensure security controls are correctly implemented validated and documented prior to authorization
Manage POA&M items through their full lifecycle - creation tracking evidence collection remediation verification and closure
Review remediation artifacts
OneZero Solutions LLC is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin age pregnancy genetic information disability status as a protected veteran or any other protected category under applicable federal state and local laws.
To request an accommodation please contact us at or call .
Required Experience:
Unclear Seniority
We are an employee-centric company that truly values our team members and the contributions they make to our customers and the missions they support. We pride ourselves on being forward-leaning thinkers and on building teams that are and continue to be technically proficient across a broad range of ...
We are an employee-centric company that truly values our team members and the contributions they make to our customers and the missions they support. We pride ourselves on being forward-leaning thinkers and on building teams that are and continue to be technically proficient across a broad range of cyber mission areas. OneZero full-time employees receive a highly competitive benefits package including health dental vision and life insurance a 401(k) with company matching paid time off and holidays an employee referral program and educational assistance.Additional details are available on our website: Title: Information System Security Officer (ISSO)
Location: On-site in a SCIF in the National Capital Region (NCR) Nebraska Avenue Complex Washington DC (work locations transitioning to ICCB Bethesda / St. Elizabeths). Telework is not authorized; a designated Key Person must be available on-site during core hour
Clearance: TS/SCI
Job Summary:
Serve as the primary security point of contact for assigned systems coordinating daily with system owners ISSMs ISSEs program managers and government stakeholder. Prepare and deliver regular security status reports covering system compliance posture open POA&M items continuous monitoring results and outstanding risks. Brief system owners and program leadership on security findings risk decisions and authorization status changes.
Education and Experience:
Bachelors degree in Cybersecurity Information Technology Computer Science Information Systems or a closely related field
58 years of total cybersecurity or information assurance experience with demonstrated depth across the following disciplines:
3 years serving as an ISSO or equivalent role supporting federal DHS or IC programs
3 years supporting RMF activities including SSP development security control assessment continuous monitoring and POA&M management
2 years working in classified environments at the TS/SCI level including handling storage and processing of classified information in accordance with applicable security policies
2 years supporting or assessing Cross Domain Solutions (CDS) including data transfer validation CDS policy enforcement and coordination with accreditation authorities
2 years supporting AI or data-intensive system assessments with working knowledge of the unique security considerations for Generative AI systems including data integrity model security prompt injection risks and output validation
Working knowledge of applicable federal security frameworks including NIST 800-53 NIST 800-137 ICD 503 CNSSI 1253 and DHS security policy
Familiarity with Archer GRC or equivalent governance risk and compliance platforms for control tracking and assessment documentation
Experience coordinating directly with ISSMs ISSEs system owners and Authorizing Officials on security authorization and compliance matters
Certifications: Security CISSP CISM CAP or equivalent
Essential Duties:
Monitor and maintain the security posture of assigned TS/SCI systems CDS and Generative AI platforms ensuring continuous compliance with applicable security requirements and authorization conditions
Conduct ongoing review of system configurations user access audit logs and security controls to detect deviations anomalies and potential vulnerabilities
Perform continuous monitoring activities in accordance with NIST 800-137 and program-specific continuous monitoring strategies including control assessments log reviews and security metric reporting
Track and report security-relevant changes to assigned systems assessing the impact of changes on system authorization status and initiating re-assessment activities as
Support and coordinate vulnerability scanning patch compliance tracking and remediation validation across assigned systems including AI infrastructure and CDS components
Maintain awareness of the evolving threat landscape as it pertains to Generative AI systems including emerging risks such as prompt injection model poisoning dataexfiltration through AI outputs and adversarial inputs
Develop maintain and update complete RMF authorization packages including System Security Plans (SSP) Security Assessment Reports (SAR) Plans of Action and Milestones (POA&M) Interconnection Security Agreements (ISA) and supporting artifacts
Ensure all CDS-specific documentation requirements are met including data transfer validation records CDS accreditation artifacts and coordination with the Authorizing Official and relevant accreditation bodies
Document AI-specific security considerations within authorization packages including model provenance training data controls input/output validation mechanisms and Generative AI-specific risk acceptance decisions
Coordinate with ISSEs and system architects to ensure security controls are correctly implemented validated and documented prior to authorization
Manage POA&M items through their full lifecycle - creation tracking evidence collection remediation verification and closure
Review remediation artifacts
OneZero Solutions LLC is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin age pregnancy genetic information disability status as a protected veteran or any other protected category under applicable federal state and local laws.
To request an accommodation please contact us at or call .