Information Systems Security / Corporate Security Officer (CSO)

Job description


ITCON Services is seeking an experienced and highly skilled Information Systems Security / Corporate Security Officer (CSO) to provide security leadership across multiple federal and corporate information systems in a fast‐paced, mission‐driven environment. The ideal candidate is a proactive security leader with deep knowledge of federal cybersecurity standards, enterprise risk management, cloud security, and the Risk Management Framework (RMF). This role partners closely with engineering, development, leadership, and customer teams while supporting security governance and solution design across multiple programs.

At ITCON, we offer competitive compensation, paid training and development opportunities, healthcare benefits that start on your first day, commuter benefits, work-life balance, and the opportunity to work alongside an amazing and growing team.

Applicant must be a permanent resident or citizen of the United States and clearable for Public Trust clearance with the U.S. Government.


Key Responsibilities

Security Governance, Vulnerability Management & Operations

  • Lead enterprise vulnerability management activities, including scanning, analysis, and risk triage across multiple systems and environments.
  • Interpret scan results and direct prioritized remediation plans.
  • Coordinate with engineering and development teams to ensure timely remediation and patching.
  • Track and manage Plans of Action & Milestones (POA&Ms), ensuring risk mitigation is completed within required timeframes.
  • Oversee operational security processes to protect corporate and federal information systems.

RMF, ATO, and Corporate Compliance

  • Develop and maintain complete ATO packages and security documentation (e.g., SSPs, SARs, CMPs, Contingency Plans).
  • Lead Certification & Accreditation (C&A) activities using NIST 800-53 and other federal security frameworks.
  • Ensure compliance in FedRAMP, Azure, AWS, PCI DSS, and multi-tenant cloud environments.
  • Conduct ongoing system monitoring, continuous diagnostics, and reporting for internal leadership and federal stakeholders.

Security Architecture & Engineering

  • Design, recommend, and validate integrated security solutions to protect sensitive and proprietary data.
  • Design and implement enterprise security controls including firewalls, Web Application Firewalls (WAFs), and SIEM tooling.
  • Provide technical security engineering services, including secure configuration, hardening, and architecture review.
  • Translate business and security requirements into actionable technical designs during strategic planning.

Cloud Security & DevSecOps Integration

  • Apply modern cloud security concepts, including identity, access, governance, logging, and workload protection.
  • Provide oversight of edge security platforms such as Akamai or Azure Front Door.
  • Partner with DevSecOps and engineering teams to integrate security controls into CI/CD pipelines.
  • Assess cloud posture, drive remediation, and communicate overall system risk.

Collaboration, Communication & Leadership

  • Serve as a senior security advisor to technical teams, corporate leadership, and federal clients.
  • Contribute to the development and enforcement of internal security best practices.
  • Support proposal development by providing technical security content and solution input.
  • Represent the organization in security-focused discussions, reviews, and assessments.

Required Skills and Qualifications

  • 6+ years of experience supporting regulatory, audit, or compliance programs for secure cloud or federal systems.
  • 4–6 years hands-on experience in an Information Security, ISSO, or corporate security leadership role for major enterprise or federal systems.
  • Strong understanding of NIST 800-series, FISMA, RMF, continuous monitoring, and federal security control requirements.
  • Demonstrated experience in:
    • Vulnerability scanning and interpretation
    • Managing ATO/C&A activities
    • Selecting and implementing security controls
    • Cloud security engineering (Azure, AWS, GovCloud, FedRAMP)
    • Monitoring and managing multi-organization compliance
    • Communicating complex security concepts in business-friendly language
  • Experience with DevSecOps processes and secure SDLC practices.
  • Bachelor's degree in STEM (Science, Technology, Engineering, Mathematics).
  • U.S. Citizen or Permanent Resident; eligible for Public Trust clearance.

Desired Skills and Qualifications

  • 7+ years of experience in security operations, incident investigation, and network security monitoring.
  • Experience developing system/application certification and accreditation documentation.
  • Experience working in Agile / SAFe environments and supporting testing activities.
  • Experience conducting risk assessments, threat identification, security categorization, gap analysis, and compliance reporting.
  • Active certifications preferred:
    • CISSP (Certified Information Systems Security Professional)
    • CAP (Certified Authorization Professional)
    • Other relevant certifications (Security+, CISM, CCSP) a plus.
