Information Security Officer
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Security Officer managing cybersecurity posture for federal agencies with eSimplicity. Providing security support services for compliance and remediation in complex digital environments.
Responsibilities:
- Work closely with the Product Owners, ISSOs, engineering and infrastructure staff to provide guidance on implementation if security policies, standards, and procedures
- Analyze new or updated security requirements, collaborate with stakeholders, and develop responses that are clear and accurate
- Support the review and update of ATO artifacts such as System Security Plans, Information System Contingency Plans, Configuration and Change Management Plans, Incident Response Plans, Privacy Impact Analysis, and more.
- Interpret security risk assessment, review security scan results, assess security vulnerabilities and support the development and remediation of vulnerability and compliance issues via Plan of Action and Milestones (POA&Ms)
- Support the development of implementation and design documentation relating to security feature implementation
- Work with engineering and infrastructure personnel to document remediation for vulnerabilities and non-compliance issues
- Analyze and interpret agency security requirements and provide governance communication to non-security personnel
- Collaborate with product teams, ISSOs and other stakeholders in support of continuous monitoring and ATO efforts
- Conducts vulnerability assessments and monitors systems, networks, databases and Web-based assets for potential system breaches.
- Recommends and takes the lead on implementing changes to enhance security systems, prevent unauthorized access, and help mitigate security vulnerabilities.
- Responds to alerts from information security tools.
- Reports, investigates, and resolves higher level security incidents.
- Responds to security tool outages, degradations in service, tune security rules and alerts, and setup/maintain security tool dashboards and reporting.
- Research security trends, new methods, and techniques used in unauthorized access of data to preemptively eliminate the possibility of system breach.
- Ensures compliance with regulations and privacy laws.
- Conducts research to identify new attack vectors.
- Educates and communicates security requirements and procedures to all users and new employees.
- Recommend process improvements to the information system for risk mitigation.
- Applies iterative security automation to all program aspects increasing overall security posture iteratively and never accepts the status quo.
- Provide audit log review in Splunk, present any findings to ISSO, and plan for any investigation or remediation activities.
- Periodic user and privileged access reviews.
Requirements:
- Minimum of 8+ years of progressive experience in information security, cybersecurity engineering, or system security roles, with demonstrated technical depth and increasing responsibility.
- A bachelor's degree in computer science, Information Systems, Engineering, Business, or other related scientific or technical discipline.
- Significant hands-on experience supporting large Federal Government security programs, including operation within FISMA-regulated environments and direct alignment with CMS ARS 5.0+ requirements.
- Proven experience owning and maintaining an Authorization to Operate (ATO), including authoring, updating, and defending security artifacts such as System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), Incident Response Plans, Configuration Management Plans, Privacy Impact Assessments, contingency plans, and related documentation.
- Strong practical knowledge of NIST Risk Management Framework (RMF) and NIST 800-53 Rev. 5, with the ability to translate control requirements into actionable technical and operational security implementations.
- Demonstrated hands-on experience managing vulnerability and compliance scanning programs, including configuration, operation, interpretation of results, and remediation tracking using tools such as Tenable, AWS Security Hub, and Snyk.
- Ability to assess security findings, determine risk severity, prioritize remediation, and drive closure in close collaboration with engineering, infrastructure, and DevSecOps teams.
- Strong hands-on experience securing cloud-based environments, with a focus on AWS (IAM, GuardDuty, CloudTrail, Security Hub) and SaaS platforms.
- Demonstrated ability to embed security into DevSecOps and CI/CD pipelines, including defining security decision gates and integrating automated security testing and continuous monitoring.
- Experience performing Security Impact Analyses (SIAs), access reviews, and least-privilege enforcement across cloud, application, and CI/CD environments.
- Proven ability to configure, operate, and tune security tools, respond to alerts, and maintain dashboards and reporting for visibility into vulnerability, compliance, and overall security posture.
- Experience operating within Agile / SAFe delivery models, participating in sprint planning, PI planning, backlog refinement, and cross-team coordination to ensure security is embedded in delivery.
- Strong written and verbal communication skills, with the ability to clearly articulate security risks, requirements, and remediation strategies to technical teams, leadership, and government stakeholders.
- Ability to work independently and as part of a cross-functional team, managing multiple priorities in a fast-paced, highly regulated environment.
- Ability to obtain and maintain a Public Trust clearance and have resided in the United States for at least 3 of the last 5 years.
Benefits:
- Highly competitive salary
- Full healthcare benefits
Similar Jobs
Lead Technical Consultant, Cybersecurity Defense
Lead Technical Consultant managing Cyber Defense projects across Germany, Austria, and Switzerland. Responsible for technical implementation and innovation in Cyber Defense architectures.
Staff Security Product Engineer
Security Engineer building AI-driven security products for application security and operations. Collaborating with product teams to design systems that act on security signals and workflows.
Cybersecurity Risk Engineer
Designing and maintaining secure cloud infrastructures as a Cybersecurity Engineer at Ensemble Health Partners. Focused on enhancing security controls and analyzing potential vulnerabilities in cloud structures.
Engineer, Cybersecurity Risk
Engineer II, Cybersecurity designing and maintaining secure infrastructures for Ensemble Health Partners, while analyzing cloud structures for enhanced security methods.
Senior AI Cybersecurity Engineer
AI Cybersecurity Engineer designing and executing cybersecurity-focused AI governance programs. Collaborating with cross-functional teams on secure AI solutions and policies while ensuring compliance and risk management.
Technical Writer, Cybersecurity
Technical Writer ensuring clarity and consistency in federal cybersecurity documentation. Edit and format various technical documents while collaborating with analysts and SMEs.
Cybersecurity Program Manager
Cybersecurity Program Manager overseeing contract performance and managing cybersecurity teams for federal clients in a remote capacity. Ensuring quality, audit-ready security assessment services are delivered.
Information Security Engineer
Information Security Engineer assessing web technologies and coordinating remediation at G-P. Collaborating with teams to enhance application security and develop automation tools.
Cybersecurity Compliance Lead
Cybersecurity Compliance Lead at Fresche Solutions responsible for leading the cybersecurity compliance program and mentoring team members. Overseeing audits, developing strategies, and fostering a security culture.
Senior Security Architect
XAAS Consultant advising clients on IT Security, focusing on infrastructure, cloud, and application security. Involves hands-on security assessments and developing security architectures.
Security Specialist – Cryptography
Security Specialist focusing on Cryptography for remote projects at The Whiteam Consulting. Collaborating with technology consultants to optimize business profitability.
Protection and Security Specialist
Sicherheitskraft plant und setzt Maßnahmen zur Gefahrenabwehr für Veranstaltungen um. Zusammenarbeit mit Kunden und Behörden in einem der größten Messeunternehmen der Welt.
Information System Security Officer
Information System Security Officer managing security authorization for federal information systems. Overseeing RMF lifecycle activities and ensuring compliance with federal directives.
KMS Security Engineer – Security
KMS Security Engineer ensuring security in crypto wallets for a leading money app company. Responsible for mitigating security risks and collaborating with development teams to maintain security integrity.
Staff Security Engineer
Staff Security Engineer role at a Managed Service Provider overseeing security solutions across diverse clients. Focus on technical leadership, architecture, mentoring, and compliance.
Bug Bounty Security Researcher
Bug Bounty Security Researcher identifying and reporting vulnerabilities in software applications and systems for Inspectiv. Contributing to improving security and participating in bug bounty programs.
IT Security Compliance Assurance Manager – CAM
Information Security Compliance Assurance Manager at Gainwell, managing audits and compliance with HIPAA and NIST frameworks for the organization. Leading security controls and compliance efforts with executive stakeholders and IT.
Social Security Disability Case Manager
Social Security Disability Claims Case Manager at Mindset assisting clients with claims application processes. Responsible for gathering documentation and advocating for clients' claims.
Analyst – Cyber Security Compliance
Cyber Security Analyst conducting PCI Compliance assessments at global live entertainment company Live Nation. Assuring effective implementation of security controls aligned with organizational standards.
Cloud Security Engineer
Cloud Security Engineer ensuring cloud infrastructure security at Camping World. Bridging strategic security requirements with technical implementation in a fast-paced environment.