Information Systems Security Officer (Technical ISSO / RMF Assessor)

About The Position

Requirements

• Active TS clearance with SCI eligibility OR TS/SCI clearance adjudication with current polygraph OR the ability to pass a polygraph.
• Bachelor's degree in a relevant technical field with 8+ years of relevant experience, or 12+ years of experience in lieu of a degree.
• 8+ years of hands-on experience as an ISSO, ISSE, Assessor, Security Engineer, or closely related DoD cybersecurity role.
• Demonstrated experience writing STPs, creating SCTMs, and developing implementation statements.
• Hands-on experience performing STIG interpretation and remediation.
• Experience reviewing and validating ACAS/Nessus vulnerability scan results.
• Ability to use Splunk (or similar SIEM) to validate security controls and investigate anomalies.
• Direct experience authoring ATO documentation (SSP, SAR, POA&M, etc.).
• Strong working knowledge of NIST SP 800-53, RMF, and DoD cybersecurity requirements.
• Experience using Xacta or eMASS to manage RMF artifacts.
• DoD 8570 IAM-II compliant certification (e.g., Security+, CISSP, CISM).
• Strong written and verbal communication skills with the ability to explain technical topics clearly.

Nice To Haves

• Experience as a Security Control Assessor (SCA) or assessor support.
• Familiarity with FISMA, FISCAM, and federal audit requirements.
• Experience supporting cloud environments (AWS GovCloud preferred).
• Experience with automation or scripting to support security tasks.
• Strong understanding of Zero Trust principles.
• Experience supporting SAP/SAR or other high-side environments.

Responsibilities

• Develop, write, and maintain Security Test Procedures (STPs) for NIST SP 800-53 controls.
• Create and update Security Controls Traceability Matrices (SCTMs) .
• Draft, review, and refine control implementation statements for all control families.
• Interpret and remediate STIG/SCAP findings across operating systems, applications, and infrastructure.
• Conduct and analyze ACAS/Nessus vulnerability scan results; validate findings with engineering teams; track remediation to closure.
• Perform Splunk log analysis to validate control operation and investigate anomalies.
• Prepare and update core ATO documentation including SSPs, SARs, POA&Ms, Contingency Plans, Continuous Monitoring artifacts , and other related Body of Evidence (BoE) components.
• Lead and support RMF Steps 1–6 for assigned systems.
• Manage, validate, and maintain control evidence in alignment with NIST SP 800-53 and DoD requirements.
• Support continuous monitoring activities, including log review, vulnerability assessments, and control re-validation.
• Coordinate directly with system owners and engineering teams to address security gaps.
• Ensure system documentation is maintained accurately and entered in tools such as Xacta or eMASS .
• Provide security guidance for system changes, risk assessments, and configuration updates.
• Communicate technical risks, findings, and required actions to system owners, government counterparts, and internal leadership.
• Participate in security meetings, assessments, and audits.
• Assist with incident response activities as needed, including log review and security control validation.

Benefits

• Peraton offers enhanced benefits to employees working on this critical National Security program, which include heavily subsidized employee benefits coverage for you and your dependents, 25 days of PTO accrued annually up to a generous PTO cap and eligible to participate in an attractive bonus plan