[Hiring] Cybersecurity / ISSO SME @Ibis Public Sector

Role Description

Ibis Public Sector is seeking an Information Systems Security Officer (ISSO) to lead information security operations for a mission-critical DoD enterprise environment. This Cybersecurity Subject Matter Expert role is a key personnel position responsible for implementing the Risk Management Framework, ensuring continuous cybersecurity compliance, and managing the Authorization to Operate (ATO) lifecycle across cloud, SaaS, and PaaS assets.

• Serve as the Information System Security Officer (ISSO) for a DoD enterprise infrastructure operating on Oracle Cloud Infrastructure (OCI), ensuring systems maintain valid ATOs and ATCs.
• Lead and execute all RMF lifecycle activities, including SSP development and maintenance, Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms), and control assessments within eMASS.
• Conduct continuous monitoring of cybersecurity controls aligned with NIST SP 800-53, DISA STIGs, FISMA, and DoDI 8510.01, maintaining systems in a constant state of compliance.
• Oversee weekly STIG and vulnerability reporting, IAVM compliance coordination, and vulnerability remediation prioritization in adherence to JFHQ-DODIN timelines (Critical ≤7 days, High ≤21 days).
• Manage and update POA&Ms within 10 business days of changes; submit monthly POA&M reports to stakeholders and integrate remediation tasks into Agile development workflows.
• Direct and mentor the Junior Cybersecurity Analyst, delegating and reviewing vulnerability reporting, compliance documentation, and audit support activities.
• Coordinate directly with the DMDC Authorizing Official (AO), ISSM, NIWC, and CSSP providers to support audits, CORA assessments, DoD IG reviews, and penetration testing activities.
• Develop and maintain Privacy Impact Assessments (PIAs) and System of Record Notices (SORNs) in accordance with DoD privacy requirements.
• Integrate cybersecurity scanning tools (ACAS/Nessus, Fortify SCC, OpenSCAP, Fortify, SonarQube) into CI/CD pipelines, enforcing shift-left security practices within the DevSecOps framework.
• Maintain eMASS documentation including control implementation evidence, STIG checklists, and scan results mapped to applicable security controls.

Qualifications

• Active DoD 8570 IAM Level II or III certification required; acceptable certifications include CISSP, CAP, CISM, GSLC, or CCISO.
• DoD 8570 IAT Level II baseline certification (e.g., Security+ CE, CCNA Security, CySA+) required.
• 5+ years of experience in DoD cybersecurity, with demonstrated expertise implementing the Risk Management Framework (RMF) and managing ATOs in eMASS.
• Deep knowledge of NIST SP 800-53/800-37, DISA STIGs, FISMA, FISMA, DoDI 8510.01, and JFHQ-DODIN vulnerability remediation timelines.
• Hands-on experience with cybersecurity tools including ACAS (Nessus), Fortify SCC, OpenSCAP, Splunk, SAST/DAST scanning tools, and Cloud Guard.
• Experience operating in OCI, AWS, or equivalent cloud environments within a DoD authorization boundary.
• Ability to work within a multi-organization access architecture (e.g., DMDC, DISA JSP, CSP) and coordinate cross-boundary incident response and compliance activities.
• Strong written and verbal communication skills; ability to brief senior Government stakeholders and produce high-quality compliance documentation.
• Must be able to obtain and maintain a Public Trust clearance.

Benefits

• Flexible time off for vacation and personal time.
• Participation in the firm’s Benefits Program, including medical, dental, vision, life, group voluntary benefits, individual voluntary benefits, short-term disability, flexible spending accounts, and parental leave benefits.
• Short-Term and Long-Term Disability at no cost, company-covered Life Insurance, access to group legal services, identity theft protection through LifeKeys services, etc.
• After three months of service, you can join the company's 401(k) plan with company contributions.
• The anticipated salary range for this position is $185,000.00-$200,000.00.

Company Description

Ibis Public Sector, formerly known as Isobar Public Sector, is a trusted digital navigator delivering customer-centric solutions to the US Government, Public Sector, and Educational Institutions. We utilize human-centered design, emerging technology, and data-driven transformation to formulate digital solutions to deliver on our client’s modernization goals and improve mission performance.

We put our people first, above all else. We lead authentically and believe investing in our people is the key to our success. In doing so, we enable purposeful collaboration with our people, stakeholders, and clients, successfully striving for dynamic growth and intentional progress.