Roles & Responsibilities

1-3 years of direct ISSO or ISSO-support experience in a US Federal environment
Hands-on experience with NIST RMF (SP 800-37) and NIST SP 800-53 security controls
Demonstrated ability to develop and maintain ATO documentation packages independently
Familiarity with federal compliance tools such as eMASS, Xacta, or equivalent GRC platforms

Requirements:

Execute and maintain all RMF lifecycle activities for assigned federal information systems: categorization, control selection, implementation, assessment, authorization, and continuous monitoring
Develop, maintain, and update system security documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POAMs), and Authorization to Operate (ATO) packages
Coordinate with Information System Owners (ISOs), Authorizing Officials (AOs), and Security Control Assessors (SCAs) to drive ATO decisions on schedule
Monitor security controls on an ongoing basis; identify, document, and track deviations and vulnerabilities to closure

Job description

Description

Dragonfli Group is sourcing an Information System Security Officer (ISSO) to deliver hands-on security authorization and continuous monitoring support for a large-scale US Federal enterprise engagement. This is an execution-focused role operating within a mature NIST Risk Management Framework (RMF) environment. The ISSO will own the day-to-day security posture of assigned information systems, driving ATO lifecycle activities, maintaining compliance documentation, and coordinating with system owners and authorizing officials.

Candidates with 1-3 years of direct federal ISSO experience are strongly encouraged to apply.

Responsibilities

Execute and maintain all RMF lifecycle activities for assigned federal information systems: categorization, control selection, implementation, assessment, authorization, and continuous monitoring
Develop, maintain, and update system security documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and Authorization to Operate (ATO) packages
Coordinate with Information System Owners (ISOs), Authorizing Officials (AOs), and Security Control Assessors (SCAs) to drive ATO decisions on schedule
Monitor security controls on an ongoing basis; identify, document, and track deviations and vulnerabilities to closure
Conduct and support continuous monitoring activities including log review, vulnerability scan analysis, and configuration compliance validation
Support incident response activities including documentation, escalation, and remediation tracking
Maintain system inventory, hardware/software baselines, and interconnection agreements
Ensure compliance with applicable federal directives including FISMA, OMB A-130, and agency-specific security policies
Participate in security reviews, audits, and inspections as required

Requirements

Required Qualifications

1-3 years of direct ISSO or ISSO-support experience in a US Federal environment
Hands-on experience with NIST RMF (SP 800-37) and NIST SP 800-53 security controls
Demonstrated ability to develop and maintain ATO documentation packages independently
Familiarity with federal compliance tools such as eMASS, Xacta, or equivalent GRC platforms
Strong written communication skills; federal documentation standards experience required