
Information Systems Security Officer (Technical ISSO / RMF Assessor)

Peraton
United States, Virginia, Herndon
Mar 06, 2026

Job Locations

US-VA-Herndon | US-DC-Washington | US-MD-Riverdale




Requisition ID
2026-164206

Position Category
Cyber Security

Clearance
Top Secret/SCI w/Poly



Responsibilities

Job Summary

We are seeking a highly skilled and technically proficient Information Systems Security Officer (ISSO) with hands-on experience developing, implementing, and validating security controls within DoD RMF environments. This role requires deep technical understanding of NIST SP 800-53 controls, STIG implementation, vulnerability analysis, and the ability to produce assessable, audit-ready security documentation.

The ideal candidate will be confident writing Security Test Procedures (STPs), building Security Controls Traceability Matrices (SCTMs), interpreting ACAS/Nessus scan results, and using Splunk to verify control effectiveness. This ISSO will work closely with system owners, engineers, and government stakeholders to support ATO efforts and continuous monitoring activities.

Duties & Responsibilities:

Core Technical Responsibilities

  • Develop, write, and maintain Security Test Procedures (STPs) for NIST SP 800-53 controls.
  • Create and update Security Controls Traceability Matrices (SCTMs).
  • Draft, review, and refine control implementation statements for all control families.
  • Interpret and remediate STIG/SCAP findings across operating systems, applications, and infrastructure.
  • Conduct and analyze ACAS/Nessus vulnerability scan results; validate findings with engineering teams; track remediation to closure.
  • Perform Splunk log analysis to validate control operation and investigate anomalies.
  • Prepare and update core ATO documentation including SSPs, SARs, POA&Ms, Contingency Plans, Continuous Monitoring artifacts, and other related Body of Evidence (BoE) components.

RMF & Security Lifecycle

  • Lead and support RMF Steps 1-6 for assigned systems.
  • Manage, validate, and maintain control evidence in alignment with NIST SP 800-53 and DoD requirements.
  • Support continuous monitoring activities, including log review, vulnerability assessments, and control re-validation.
  • Coordinate directly with system owners and engineering teams to address security gaps.
  • Ensure system documentation is maintained accurately and entered in tools such as Xacta or eMASS.
  • Provide security guidance for system changes, risk assessments, and configuration updates.

Collaboration & Stakeholder Support

  • Communicate technical risks, findings, and required actions to system owners, government counterparts, and internal leadership.
  • Participate in security meetings, assessments, and audits.
  • Assist with incident response activities as needed, including log review and security control validation.


Qualifications

Required Qualifications

  • Active TS clearance with SCI eligibility OR TS/SCI clearance adjudication with current polygraph OR the ability to pass a polygraph.
  • Bachelor's degree in a relevant technical field with 8+ years of relevant experience, or 12+ years of experience in lieu of a degree.
  • 8+ years of hands-on experience as an ISSO, ISSE, Assessor, Security Engineer, or closely related DoD cybersecurity role.
  • Demonstrated experience writing STPs, creating SCTMs, and developing implementation statements.
  • Hands-on experience performing STIG interpretation and remediation.
  • Experience reviewing and validating ACAS/Nessus vulnerability scan results.
  • Ability to use Splunk (or similar SIEM) to validate security controls and investigate anomalies.
  • Direct experience authoring ATO documentation (SSP, SAR, POA&M, etc.).
  • Strong working knowledge of NIST SP 800-53, RMF, and DoD cybersecurity requirements.
  • Experience using Xacta or eMASS to manage RMF artifacts.
  • DoD 8570 IAM-II compliant certification (e.g., Security+, CISSP, CISM).
  • Strong written and verbal communication skills with the ability to explain technical topics clearly.

Desired Qualifications

  • Experience as a Security Control Assessor (SCA) or assessor support.
  • Familiarity with FISMA, FISCAM, and federal audit requirements.
  • Experience supporting cloud environments (AWS GovCloud preferred).
  • Experience with automation or scripting to support security tasks.
  • Strong understanding of Zero Trust principles.
  • Experience supporting SAP/SAR or other high-side environments.

Peraton offers enhanced benefits to employees working on this critical National Security program, which include heavily subsidized employee benefits coverage for you and your dependents, 25 days of PTO accrued annually up to a generous PTO cap, and eligibility to participate in an attractive bonus plan.



Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.



Target Salary Range

$112,000 - $179,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.


EEO

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.