Senior Information System Security Officer (ISSO)

Peraton Labs is seeking a poly cleared Senior Information System Security Officer for a mission-critical, highly complex HPC environment enabling research across multiple security domains. You will own day-to-day security operations aligned to RMF, drive continuous monitoring, maintain ATO posture, and partner closely with subcontractor and customer personnel.

This position requires full-time on-site work in Laurel, or a customer site near College Park, MD.

Key responsibilities may include

• Lead or co-lead ATO/reauthorization efforts for complex boundary systems
• Mentor junior ISSOs and shape security operations playbooks
• Perform risk analysis and author formal recommendations to leadership
• Drive security engineering outcomes by partnering with internal teams on scalable compliance patterns
• Brief senior internal and customer stakeholders on security posture, systemic risk trends, remediation burn-down, and authorization readiness
• Act as the Senior ISSO supporting the system security lifecycle across development, operations, and modernization
• Execute and maintain RMF activities (e.g., control implementation oversight, evidence collection, assessment support, POA&M management, continuous monitoring)
• Maintain security authorization artifacts (e.g., SSP, control narratives, diagrams, inheritance/leverage controls, CM plan, incident handling plan, contingency artifacts, user/admin procedures)
• Operate continuous monitoring: vulnerability management, config compliance, patching coordination, scan result triage, risk acceptance, and remediation verification.
• Review and approve security-relevant changes through configuration/change control and validate security configurations after major upgrades
• Support incident response and reporting: participate in investigations, coordinate containment actions, preserve evidence, and contribute to post-incident lessons learned
• Ensure least privilege/access governance: account management oversight, privileged access workflows, periodic access reviews, and audit compliance requirements
• Translate security requirements into implementation guidance that engineering teams can operationalize (clear, testable, and automatable where possible)

Required qualifications

• 12+ years of experience and a BS in Computer Science, Cybersecurity, or related technical discipline, MS and 10+ years of experience, or a PhD and 8+ years of experience. Four years of additional experience is required in lieu of a Bachelors’ degree for a total of 16 years of experience
• 8+ years of experience in information security/compliance supporting DOD/IC or government systems, including ownership of major RMF deliverables and ATO events for complex systems
• Demonstrated leadership experience coordinating across security, engineering, and customer stakeholders
• Ability to provide mentorship and direction to team members
• Proven ability to write risk decisions and packages that stand up to assessor/AO scrutiny
• Deep understanding of continuous monitoring at scale (recurring evidence, metrics, audit readiness, remediation governance)
• Hands-on experience executing RMF tasks and maintaining authorization artifacts (SSP, POA&Ms, continuous monitoring evidence)
• Strong working knowledge of NIST SP 800-53 controls and how they map to technical implementations and procedures
• Experience with vulnerability and configuration compliance workflows
• Familiarity with Linux-based enterprise environments and common hardening concepts
• Ability to communicate risk clearly to both technical engineers and non-technical leadership
• One or more active/current certifications such as: CISSP, CISM, CAP, GSLC, Security+, CCSP, INCOSE, CCNA, RHCE, MCSE, VCP, ITIL, PMP, Agile, and etc.
• This position requires an active/current TS/SCI w/ Polygraph.

Preferred qualifications

• Experience securing or assessing containerized workflows (e.g., container runtime hardening, image governance, supply chain considerations)
• Experience with eMASS (or comparable GRC tooling), security control inheritance models, and assessor engagement.
• Familiarity with vulnerability tooling and security monitoring concepts
• Experience with data protection requirements relevant to sensitive environments