Dunhill Professional Search & Government Solutions

Information Systems Security Manager (ISSM)- TS/SCI

Arlington, VA, US

10 days ago

Summary

This position supports the Defense Advanced Research Projects Agency.


As an Information Systems Security Manager (ISSM), you will be responsible for leading the security authorization efforts of complex information systems in support of federal compliance frameworks such as the Risk Management Framework (RMF). You’ll manage the creation and maintenance of all ATO-related documentation, ensure ongoing system compliance, and embed cybersecurity best practices into containerized and DevOps environments. This role bridges technical implementation with policy and compliance, requiring both strategic oversight and hands-on support.

Key Responsibilities:

  • Lead the development, maintenance, and submission of all ATO package artifacts, including:
      ◦ System Security Plans (SSPs)
      ◦ Security Control Traceability Matrices (SCTMs)
      ◦ Port, Protocol, and Service Management (PPSM) documentation
      ◦ Hardware/Software Inventory Lists
      ◦ Plans of Action and Milestones (POA&Ms)
  • Integrate cybersecurity best practices into DevOps pipelines and Kubernetes clusters to promote secure-by-design development.
  • Collaborate closely with system owners, developers, and project managers to guide security control implementation and policy adherence across the SDLC.
  • Serve as the primary liaison with Security Control Assessors (SCAs) and the Authorizing Official (AO) office during audits and assessments.
  • Conduct vulnerability and risk assessments on systems and applications, providing mitigation strategies aligned with NIST 800-53, CNSSI 1253, or other applicable frameworks.
  • Provide continuous monitoring oversight, ensuring systems remain compliant with government security requirements post-authorization.
  • Assist with the evaluation, selection, and implementation of security tools and solutions to strengthen the system’s security posture.
  • Lead or support change management processes, including participating in Change Control Boards (CCBs) and ensuring updates don’t compromise security compliance.
  • Monitor system upgrades, patches, and new deployments for impact on the accreditation boundary, updating artifacts as needed.
  • Support the development of audit and accountability plans, including logging, monitoring, and incident response procedures.

Required Skills & Qualifications:


  • 12+ years of relevant experience, including experience managing or supporting government ATO efforts under frameworks such as RMF, FedRAMP, or DoD RMF
  • Proficient with documentation, assessment, and implementation of NIST 800-53 security controls
  • Familiar with modern DevSecOps practices, including CI/CD pipelines, Infrastructure as Code (IaC), and security automation
  • Hands-on experience with Kubernetes, containerization (e.g., Docker), and cloud platforms (Azure preferred)
  • Experience conducting vulnerability assessments using tools such as Nessus, OpenVAS, or similar
  • Strong communication skills and experience coordinating with cross-functional teams and government stakeholders

Security Clearance: Active TS/SCI required

Certifications (Required/Preferred):

  • Required: CompTIA Security+ (DoD 8570 Baseline Certification, IAM Level I minimum)
  • Preferred: CISSP, CISM, CISA, or equivalent certifications

Education:

  • Bachelor’s degree in Information Security, Computer Science, Engineering, or related field (or equivalent experience)
