Overview:
ILS Inc. is seeking an experienced Information System Security Officer (ISSO) to support a federal program’s security and compliance requirements. The ISSO will play a critical role in maintaining the security posture of enterprise IT systems in accordance with federal regulations, including FISMA, NIST 800-53, and FedRAMP. This position requires on-site presence two days per week at our Fairfax, VA headquarters.
MUST BE LOCAL TO DC METRO AREA (hybrid support - 2 days in ILS HQ office, located in Fairfax, VA 22033).
Must be able to be W2 employee; no C2C.

Responsibilities:

• Serve as the primary security point of contact for assigned federal information systems throughout the System Development Life Cycle (SDLC).
• Develop, maintain, and update System Security Plans (SSP), Security Assessment Reports (SAR), Plan of Action and Milestones (POA&M), and other ATO documentation.
• Ensure compliance with FISMA, NIST 800-53, FedRAMP, and agency-specific cybersecurity frameworks.
• Coordinate with system owners, engineers, developers, and external stakeholders to implement security controls and remediation strategies.
• Conduct and support security assessments, continuous monitoring, and vulnerability management activities.
• Participate in risk assessments, threat modeling, and incident response planning.
• Track and report on the status of security findings, plans of action, and ongoing audit activities.
• Support the development and delivery of security training and awareness activities for program staff.

Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• 5+ years of experience in information security or cybersecurity roles, including direct ISSO experience supporting federal systems.
• Strong knowledge of NIST SP 800-53, FISMA, and FedRAMP frameworks.
• Hands-on experience preparing and maintaining ATO packages and supporting RMF processes.
• Familiarity with vulnerability scanning tools (e.g., Nessus, Qualys), SIEMs, and security dashboards.
• Excellent documentation, communication, and coordination skills.

Preferred Skills

• Professional certifications such as CISSP, CISM, CAP, or Security+.
• Experience using eMASS, CSAM, or other compliance management platforms.
• Understanding of cloud security controls in AWS, Azure, or GCP environments.
• Background in supporting applications or systems within government, finance, or healthcare sectors.
• Knowledge of incident response, audit readiness, or insider threat programs.

• Serve as the primary security point of contact for assigned federal information systems throughout the System Development Life Cycle (SDLC).
• Develop, maintain, and update System Security Plans (SSP), Security Assessment Reports (SAR), Plan of Action and Milestones (POA&M), and other ATO documentation.
• Ensure compliance with FISMA, NIST 800-53, FedRAMP, and agency-specific cybersecurity frameworks.
• Coordinate with system owners, engineers, developers, and external stakeholders to implement security controls and remediation strategies.
• Conduct and support security assessments, continuous monitoring, and vulnerability management activities.
• Participate in risk assessments, threat modeling, and incident response planning.
• Track and report on the status of security findings, plans of action, and ongoing audit activities.
• Support the development and delivery of security training and awareness activities for program staff