Cybersecurity / ISSO SME (Remote)
Ibis Public Sector is seeking an Information Systems Security Officer (ISSO) to lead information security operations for a mission-critical DoD enterprise environment. This Cybersecurity Subject Matter Expert role is a key personnel position responsible for implementing the Risk Management Framework, ensuring continuous cybersecurity compliance, and managing the Authorization to Operate (ATO) lifecycle across cloud, SaaS, and PaaS assets.
What You’ll Do
• Serve as the Information System Security Officer (ISSO) for a DoD enterprise infrastructure operating on Oracle Cloud Infrastructure (OCI), ensuring systems maintain valid ATOs and ATCs.
• Lead and execute all RMF lifecycle activities, including SSP development and maintenance, Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms), and control assessments within eMASS.
• Conduct continuous monitoring of cybersecurity controls aligned with NIST SP 800-53, DISA STIGs, FISMA, and DoDI 8510.01, maintaining systems in a constant state of compliance.
• Oversee weekly STIG and vulnerability reporting, IAVM compliance coordination, and vulnerability remediation prioritization in adherence to JFHQ-DODIN timelines (Critical ≤7 days, High ≤21 days).
• Manage and update POA&Ms within 10 business days of changes; submit monthly POA&M reports to stakeholders and integrate remediation tasks into Agile development workflows.
• Direct and mentor the Junior Cybersecurity Analyst, delegating and reviewing vulnerability reporting, compliance documentation, and audit support activities.
• Coordinate directly with the DMDC Authorizing Official (AO), ISSM, NIWC, and CSSP providers to support audits, CORA assessments, DoD IG reviews, and penetration testing activities.
• Develop and maintain Privacy Impact Assessments (PIAs) and System of Record Notices (SORNs) in accordance with DoD privacy requirements.
• Integrate cybersecurity scanning tools (ACAS/Nessus, Fortify SCC, OpenSCAP, Fortify, SonarQube) into CI/CD pipelines, enforcing shift-left security practices within the DevSecOps framework.
• Maintain eMASS documentation including control implementation evidence, STIG checklists, and scan results mapped to applicable security controls.
Who You Are
• Active DoD 8570 IAM Level II or III certification required; acceptable certifications include CISSP, CAP, CISM, GSLC, or CCISO.
• DoD 8570 IAT Level II baseline certification (e.g., Security+ CE, CCNA Security, CySA+) required.
• 5+ years of experience in DoD cybersecurity, with demonstrated expertise implementing the Risk Management Framework (RMF) and managing ATOs in eMASS.
• Deep knowledge of NIST SP 800-53/800-37, DISA STIGs, FISMA, FISMA, DoDI 8510.01, and JFHQ-DODIN vulnerability remediation timelines.
• Hands-on experience with cybersecurity tools including ACAS (Nessus), Fortify SCC, OpenSCAP, Splunk, SAST/DAST scanning tools, and Cloud Guard.
• Experience operating in OCI, AWS, or equivalent cloud environments within a DoD authorization boundary.
• Ability to work within a multi-organization access architecture (e.g., DMDC, DISA JSP, CSP) and coordinate cross-boundary incident response and compliance activities.
• Strong written and verbal communication skills; ability to brief senior Government stakeholders and produce high-quality compliance documentation.
• Must be able to obtain and maintain a Public Trust clearance.
Who We Are
Ibis Public Sector, formerly known as Isobar Public Sector, is a trusted digital navigator delivering customer-centric solutions to the US Government, Public Sector, and Educational Institutions. We utilize human-centered design, emerging technology, and data-driven transformation to formulate digital solutions to deliver on our client’s modernization goals and improve mission performance.
We put our people first, above all else. We lead authentically and believe investing in our people is the key to our success. In doing so, we enable purposeful collaboration with our people, stakeholders, and clients, successfully striving for dynamic growth and intentional progress.
Here are some of the benefits that accompany full-time employment at Ibis Public Sector:
• We offer flexible time off for vacation and personal time. We believe in treating adults like adults and allowing for open communication between team members and their supervisors to determine proper timing and coverage.
• Participation in the firm’s Benefits Program. This Program includes medical, dental, vision, life, group voluntary benefits, individual voluntary benefits, short-term disability, flexible spending accounts and parental leave benefits.
• Other miscellaneous benefits like Short-Term and Long-Term Disability at no cost, company-covered Life Insurance, access to group legal services, identify theft protection through LifeKeys services, etc.
• After three months of service, you can join the company's 401(k) plan. The company contributes 3% of your salary even if you don't contribute. The company additionally matches your savings dollar for dollar up to 1% of your pay, giving you a total of 5% when you contribute 1%. You must contribute at least 1% to get the additional 1% match from the company.
The anticipated salary range for this position is $185,000.00-$200,000.00. Salary is based on a range of factors that include relevant experience, knowledge, skills, and other job-related qualifications.
Ibis Public Sector is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.
What You’ll Do
• Serve as the Information System Security Officer (ISSO) for a DoD enterprise infrastructure operating on Oracle Cloud Infrastructure (OCI), ensuring systems maintain valid ATOs and ATCs.
• Lead and execute all RMF lifecycle activities, including SSP development and maintenance, Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms), and control assessments within eMASS.
• Conduct continuous monitoring of cybersecurity controls aligned with NIST SP 800-53, DISA STIGs, FISMA, and DoDI 8510.01, maintaining systems in a constant state of compliance.
• Oversee weekly STIG and vulnerability reporting, IAVM compliance coordination, and vulnerability remediation prioritization in adherence to JFHQ-DODIN timelines (Critical ≤7 days, High ≤21 days).
• Manage and update POA&Ms within 10 business days of changes; submit monthly POA&M reports to stakeholders and integrate remediation tasks into Agile development workflows.
• Direct and mentor the Junior Cybersecurity Analyst, delegating and reviewing vulnerability reporting, compliance documentation, and audit support activities.
• Coordinate directly with the DMDC Authorizing Official (AO), ISSM, NIWC, and CSSP providers to support audits, CORA assessments, DoD IG reviews, and penetration testing activities.
• Develop and maintain Privacy Impact Assessments (PIAs) and System of Record Notices (SORNs) in accordance with DoD privacy requirements.
• Integrate cybersecurity scanning tools (ACAS/Nessus, Fortify SCC, OpenSCAP, Fortify, SonarQube) into CI/CD pipelines, enforcing shift-left security practices within the DevSecOps framework.
• Maintain eMASS documentation including control implementation evidence, STIG checklists, and scan results mapped to applicable security controls.
Who You Are
• Active DoD 8570 IAM Level II or III certification required; acceptable certifications include CISSP, CAP, CISM, GSLC, or CCISO.
• DoD 8570 IAT Level II baseline certification (e.g., Security+ CE, CCNA Security, CySA+) required.
• 5+ years of experience in DoD cybersecurity, with demonstrated expertise implementing the Risk Management Framework (RMF) and managing ATOs in eMASS.
• Deep knowledge of NIST SP 800-53/800-37, DISA STIGs, FISMA, FISMA, DoDI 8510.01, and JFHQ-DODIN vulnerability remediation timelines.
• Hands-on experience with cybersecurity tools including ACAS (Nessus), Fortify SCC, OpenSCAP, Splunk, SAST/DAST scanning tools, and Cloud Guard.
• Experience operating in OCI, AWS, or equivalent cloud environments within a DoD authorization boundary.
• Ability to work within a multi-organization access architecture (e.g., DMDC, DISA JSP, CSP) and coordinate cross-boundary incident response and compliance activities.
• Strong written and verbal communication skills; ability to brief senior Government stakeholders and produce high-quality compliance documentation.
• Must be able to obtain and maintain a Public Trust clearance.
Who We Are
Ibis Public Sector, formerly known as Isobar Public Sector, is a trusted digital navigator delivering customer-centric solutions to the US Government, Public Sector, and Educational Institutions. We utilize human-centered design, emerging technology, and data-driven transformation to formulate digital solutions to deliver on our client’s modernization goals and improve mission performance.
We put our people first, above all else. We lead authentically and believe investing in our people is the key to our success. In doing so, we enable purposeful collaboration with our people, stakeholders, and clients, successfully striving for dynamic growth and intentional progress.
Here are some of the benefits that accompany full-time employment at Ibis Public Sector:
• We offer flexible time off for vacation and personal time. We believe in treating adults like adults and allowing for open communication between team members and their supervisors to determine proper timing and coverage.
• Participation in the firm’s Benefits Program. This Program includes medical, dental, vision, life, group voluntary benefits, individual voluntary benefits, short-term disability, flexible spending accounts and parental leave benefits.
• Other miscellaneous benefits like Short-Term and Long-Term Disability at no cost, company-covered Life Insurance, access to group legal services, identify theft protection through LifeKeys services, etc.
• After three months of service, you can join the company's 401(k) plan. The company contributes 3% of your salary even if you don't contribute. The company additionally matches your savings dollar for dollar up to 1% of your pay, giving you a total of 5% when you contribute 1%. You must contribute at least 1% to get the additional 1% match from the company.
The anticipated salary range for this position is $185,000.00-$200,000.00. Salary is based on a range of factors that include relevant experience, knowledge, skills, and other job-related qualifications.
Ibis Public Sector is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.