Cleared On Site Mid-Level Information Systems Security Officers (ISSO) (5358)

SMX is seeking a highly motivated Information System Security Officer (ISSO) – Mid to support a mission-critical federal program in Washington, DC. This individual will serve as a key cybersecurity resource responsible for supporting the security posture, compliance activities, and operational security requirements of enterprise information systems and applications. The selected candidate will act as a trusted advisor to System Owners (SOs), Business Process Owners, Information System Security Managers (ISSMs), and cybersecurity leadership on matters related to information system security, risk management, and regulatory compliance. This role requires experience supporting Risk Management Framework (RMF) activities, implementing security controls, monitoring system security posture, and ensuring information systems remain compliant with federal cybersecurity requirements while supporting mission objectives. This position is on site in Washington, DC and requires an active TS/SCI clearance.

Essential Duties & Responsibilities:

• Serve as a primary cybersecurity advisor to System Owners (SOs), Business Process Owners, and ISSMs on matters related to information system security
• Support implementation, maintenance, and continuous improvement of security controls across enterprise systems and applications
• Assist with Risk Management Framework (RMF) activities including system categorization, security control implementation, assessment support, and continuous monitoring
• Develop, maintain, and update security documentation including System Security Plans (SSPs), POA&Ms, security procedures, and supporting authorization artifacts
• Monitor system security posture and identify risks, vulnerabilities, and compliance gaps requiring remediation
• Coordinate with engineers, system administrators, developers, and security personnel to ensure security requirements are incorporated throughout the system lifecycle
• Support Authorization to Operate (ATO) activities and ongoing authorization maintenance efforts
• Conduct security reviews and assessments to validate implementation and effectiveness of security controls
• Assist in the identification, documentation, tracking, and remediation of security findings and vulnerabilities
• Review and validate user access controls, privileged accounts, hardware inventories, software inventories, and system configurations
• Support audit activities, compliance reviews, and cybersecurity inspections
• Provide guidance regarding physical and logical protection of information system assets
• Develop reports, metrics, and recommendations related to system security posture and compliance status
• Recommend improvements to security processes, procedures, and operational controls
• Support incident response, security investigations, and remediation activities as required

Required Skills & Experience

• Active TS/SCI clearance required
• Minimum of 5 years of professional experience supporting cybersecurity, information assurance, RMF, or information system security activities
• Experience serving as an ISSO, cybersecurity analyst, security engineer, or related security role within a federal environment
• Experience supporting Risk Management Framework (RMF) activities and Authorization to Operate (ATO) processes
• Experience developing and maintaining SSPs, POA&Ms, security control documentation, and related authorization artifacts
• Familiarity with NIST 800-53, NIST 800-37, FISMA, and federal cybersecurity requirements
• Experience implementing and assessing security controls within enterprise information systems
• Experience supporting vulnerability management, remediation tracking, and continuous monitoring activities
• Knowledge of access control management, security documentation, and compliance reporting
• Strong analytical, troubleshooting, and problem-solving skills
• Ability to assess risks and recommend practical security solutions
• Strong written and verbal communication skills
• Ability to work independently while managing multiple priorities in a fast-paced environment

Desired Skills & Experience

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or related field
• Experience supporting federal government, law enforcement, intelligence community, or national security programs
• Experience supporting cloud-based systems and cloud security compliance activities
• Experience supporting Governance, Risk, and Compliance (GRC) platforms
• Familiarity with enterprise security tools including vulnerability scanners, SIEM platforms, and compliance monitoring tools
• Experience supporting security audits, inspections, and assessment activities
• Familiarity with Agile development methodologies and DevSecOps practices
• One or more of the following certifications preferred:
• Security+
• CAP (Certified Authorization Professional)
• SSCP
• GSEC
• CISSP Associate
• CASP+
• Other relevant cybersecurity certifications

Application Deadline: 9-4-2026

# LI-SA1

The SMX salary determination process takes into account a number of factors, including but not limited to, geographic location, Federal Government contract labor categories, relevant prior work experience, specific skills, education and certifications. At SMX, one of our Core Values is to Invest in Our People so we offer a competitive mix of compensation, learning & development opportunities, and benefits. Some key components of our robust benefits include health insurance, paid leave, and retirement.