Lead Information System Security Officer (ISSO)

Dark Wolf is seeking a Lead Information System Security Officer (ISSO) to lead a collaborative team to develop, manage, and maintain information system security Assessment and Authorization (A&A) packages. This could include supporting the planning, executing, and monitoring of the seven step RMF process for our customers. This role is essential in providing significant impacts to the program, helping teams navigate ATO, cATO, and deployment processes efficiently while maintaining high standards of security and compliance. This position will be based out of Chantilly,VA with hybrid flexible opportunities. Additional responsibilities include:

• Leading a team of ISSOs to include managing tasking, schedule, and quality of work.
• Serving as the primary POC for the customer and flowing down information to the team accordingly.
• Advises customers on cybersecurity best practices and identifies opportunities to improve efficiency and effectiveness.
• Creating, managing, and maintaining A&A packages to include System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), Plans of Action and Milestones (POA&Ms), and other artifacts.
• Supporting the entry and maintenance of data into information system security systems of record, such as eMASS or Xacta.
• Driving cybersecurity activities through all aspects of the systems’ life cycle from planning, development, and deployment while ensuring proper hardening and security analysis is enforced to protect the Confidentiality-Integrity-Availability (C-I-A) of the environment.
• Familiar with briefing ISSMs/SCAs/AOs to provide updates on the Cyber posture of the information system.
• Manage and implement Continuous Monitoring activities, consisting of periodical reviews of controls, audits, vulnerability scans, and penetration test reports.
• POA&M development to compile and track system vulnerabilities, mitigation efforts, remediation and closures; ability to provide fix actions and compensating controls.
• Performs POA&M maintenance to include reviews and stakeholder briefings, as necessary.

Required Qualifications:

• Experience leading a team of Cyber individuals
• 10+ years of relevant Cyber experience
• Experience assessing technical environments and translating implemented security controls into clear NIST SP 800-53 control narratives and supporting Authorization to Operate (ATO) documentation
• Cloud Platform familiarity with at least one service offering from AWS, Azure, or Google GCP
• Experience as an RMF Engineer, ISSO, and/or information assurance engineer
• Hands-on eMASS or Xacta experience completing full system lifecycle activities
• Experience with NIST 800-53 Rev5 and CNSSI 1253
• Experience with Air Force risk management policies/procedures, to include DODI 8510.01, AFI 17-101, Fast Track ATO Handbook & AF Continuous ATO Playbook
• Ability to clearly articulate ideas for executive level consumption
• Ability to use prior experience and knowledge to address new situations; especially during interactions with clients
• B.A. or B.S. Information Security, Computer Science or related discipline; or in lieu of degree, 3 years of equivalent industry experience
• US Citizenship and have a TS/SCI security clearance

Desired Qualifications:

• Knowledgeable with the Air Force A&A process and requirements
• Knowledge of SIEM tools such as Splunk/Elastic
• Knowledgeable with DoD DevSecOps Fundamentals Playbook
• Experience with DoD Fast Track ATO Handbook & Air Force Continuous ATO Playbook methodologies

The salary range for this position is estimated to be between $150,000.00 - $180,000.00, commensurate on experience and technical skillset.

We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.

We are strictly looking for direct, full-time W2 employees. We do not engage with third-party staffing agencies, C2C, or 1099 independent contractors for this role.