Information System Security Officer

Dragonfli Group
1 day ago
Full-time
On-site
Washington, District of Columbia, United States
Security/Public Safety - Police & Fire Safety

Dragonfli Group is sourcing an Information System Security Officer (ISSO) to deliver hands-on security authorization and continuous monitoring support for a large-scale US Federal enterprise engagement. This is an execution-focused role operating within a mature NIST Risk Management Framework (RMF) environment. The ISSO will own the day-to-day security posture of assigned information systems, driving ATO lifecycle activities, maintaining compliance documentation, and coordinating with system owners and authorizing officials.


Candidates with 1-3 years of direct federal ISSO experience are strongly encouraged to apply.


Responsibilities

  • Execute and maintain all RMF lifecycle activities for assigned federal information systems: categorization, control selection, implementation, assessment, authorization, and continuous monitoring
  • Develop, maintain, and update system security documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and Authorization to Operate (ATO) packages
  • Coordinate with Information System Owners (ISOs), Authorizing Officials (AOs), and Security Control Assessors (SCAs) to drive ATO decisions on schedule
  • Monitor security controls on an ongoing basis; identify, document, and track deviations and vulnerabilities to closure
  • Conduct and support continuous monitoring activities including log review, vulnerability scan analysis, and configuration compliance validation
  • Support incident response activities including documentation, escalation, and remediation tracking
  • Maintain system inventory, hardware/software baselines, and interconnection agreements
  • Ensure compliance with applicable federal directives including FISMA, OMB A-130, and agency-specific security policies
  • Participate in security reviews, audits, and inspections as required


Required Qualifications

  • 1-3 years of direct ISSO or ISSO-support experience in a US Federal environment
  • Hands-on experience with NIST RMF (SP 800-37) and NIST SP 800-53 security controls
  • Demonstrated ability to develop and maintain ATO documentation packages independently
  • Familiarity with federal compliance tools such as eMASS, Xacta, or equivalent GRC platforms
  • Strong written communication skills; federal documentation standards experience required


Insurance - health, dental, and vision

PTO & Federal Holidays (paid)

401(k) match