Senior Information System Security Officer

Doral, FL, United States
Up to $130,000/ year
Any
Actively hiring

hackajob is partnering with MANTECH to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.

 

MANTECH seeks a motivated, career- and customer-oriented self-starter to join our team in Doral, FL as a Senior Information System Security Officer.

Responsibilities include but are not limited to:

  • Lead and conduct comprehensive security assessments of DoD information systems, applications, and infrastructure, executing the Risk Management Framework (RMF) lifecycle in accordance with DoD and federal directives.
  • Partner with the J6 Mission Assurance team to identify, map, and secure Mission Relevant Terrain in Cyberspace (MRT-C). Assess and prioritize the defensive posture of Key Terrain in Cyberspace (KT-C) to ensure operational resilience and command/control (C2) availability.
  • Work directly, side-by-side with system, database, and network administrators to continuously collect, review, and validate RMF artifacts. Bridge the gap between engineering operations and security compliance.
  • Evaluate the effectiveness of implemented security controls against NIST SP 800-53 and CNSSI baselines. Identify vulnerabilities, analyze mission-level risks, and provide actionable recommendations for mitigation and system hardening.
  • Develop, update, and maintain critical RMF documentation, including System Security Plans (SSP), Security Assessment Reports (SAR), risk assessments, and Continuous Monitoring (ConMon) Plans to support Authorities to Operate (ATO).
  • Prioritize vulnerabilities based on risk and impact to KT-C and the broader mission. Develop and implement remediation plans (POA&Ms); track and report on vulnerability remediation progress to senior leadership.
  • Provide security guidance and "shift-left" recommendations to Architects and Engineers during the design phase to ensure systems are built secure-by-design and align with DoD zero-trust principles.

Minimum Qualifications:

  • BA/BS in a relevant field necessary to assume Senior Information System Security Officer duties, or 4 additional years of experience in lieu of a degree.
  • 9+ years of overall IT/Cyber experience with 5+ years of relevant Senior Information System Security Engineer (ISSO) or RMF Security Control Assessor (SCA) experience.
  • Strong, practical understanding of federal security frameworks, standards, and regulations, specifically NIST (e.g., SP 800-53, 800-37), CNSSI, and DoD 8510.01.
  • Experience collaborating with technical teams (sysadmins/netadmins) to pull system artifacts, configurations, and logs for compliance verification.
  • Experience conducting vulnerability assessments, analyzing ACAS/Tenable scans, and managing POA&Ms.
  • Knowledge of security technologies, such as firewalls, intrusion detection/prevention systems, and security information and event management (SIEM) tools.
  • Must possess at least one DoD 8570.01-M IAM Level II certification (or higher), such as: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or CASP+ CE. (Note: CompTIA Security+ is IAT II / IAM I; holding an IAM II is required).

Preferred Qualifications:

  • Master’s degree in Computer Science, Computer Engineering, Information Systems, or a closely related field.
  • Deep expertise in current authorization practices within the DoD (eSpace, eMASS, or Xacta) and transitioning systems from traditional static ATOs to Continuous Monitoring/cATO.
  • Experience operating within a Mission Assurance framework, with practical knowledge of assessing Key Terrain in Cyberspace (KT-C) and identifying Single Points of Failure (SPOF).
  • Experience with cloud security assessments (IL4/IL5 environments). Knowledge of scripting or programming languages for compliance automation.
  • Windows, Linux, UNIX, Cisco, SQL or Oracle databases, and virtualized systems certification. Red Hat Enterprise Linux (RHEL) 7, Tenable, and one or more SIEM certifications.
  • Relevant assessor/auditor certifications, such as CISA, CGRC (formerly CAP), or CRISC. Technical certifications like Certified Ethical Hacker (CEH) or AWS/Azure Security Specialties are a plus.
  • Experience at a DoD Combatant Command (specifically USSOUTHCOM) or a component is highly desired.

Clearance Requirements:

  • Must have an active Secret clearance.

Physical Requirements:

  • Must be able to remain in a stationary position 50% of the time.
  • Constantly operates a computer and other office productivity machinery.
  • The person in this position frequently communicates with co-workers, management, and technical stakeholders (admins/engineers), which may involve delivering presentations and interpreting technical data. Must be able to exchange accurate, highly technical information in these situations.
