Dragonfli Group

Information System Security Officer

3d ago

No Phone Required, Other, United States, himalayas
Governance, Risk & Compliance (GRC), Information System Security, Security Compliance, Federal Security, IT Security, Mid-level

Job Description

Description

Dragonfli Group is sourcing an Information System Security Officer (ISSO) to deliver hands-on security authorization and continuous monitoring support for a large-scale US Federal enterprise engagement. This is an execution-focused role operating within a mature NIST Risk Management Framework (RMF) environment. The ISSO will own the day-to-day security posture of assigned information systems, driving ATO lifecycle activities, maintaining compliance documentation, and coordinating with system owners and authorizing officials.

Candidates with 1-3 years of direct federal ISSO experience are strongly encouraged to apply.

Responsibilities

- Execute and maintain all RMF lifecycle activities for assigned federal information systems: categorization, control selection, implementation, assessment, authorization, and continuous monitoring
- Develop, maintain, and update system security documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and Authorization to Operate (ATO) packages
- Coordinate with Information System Owners (ISOs), Authorizing Officials (AOs), and Security Control Assessors (SCAs) to drive ATO decisions on schedule
- Monitor security controls on an ongoing basis; identify, document, and track deviations and vulnerabilities to closure
- Conduct and support continuous monitoring activities including log review, vulnerability scan analysis, and configuration compliance validation
- Support incident response activities including documentation, escalation, and remediation tracking
- Maintain system inventory, hardware/software baselines, and interconnection agreements
- Ensure compliance with applicable federal directives including FISMA, OMB A-130, and agency-specific security policies
- Participate in security reviews, audits, and inspections as required

Requirements

Required Qualifications

- 1-3 years of direct ISSO or ISSO-support experience in a US Federal environment
- Hands-on experience with NIST RMF (SP 800-37) and NIST SP 800-53 security controls
- Demonstrated ability to develop and maintain ATO documentation packages independently
- Familiarity with federal compliance tools such as eMASS, Xacta, or equivalent GRC platforms
- Strong written communication skills; federal documentation standards experience required

Benefits

- Insurance - health, dental, and vision
- PTO & Federal Holidays (paid)
- 401(k) match

Originally posted on Himalayas