Vulnerability Management Lead, Information System Security Officer

United States, Lexington Park 100000.00 - 145000.00 USD / Year · Job Posted January 06, 2026

Job Description

The Vulnerability Management Lead, Information System Security Officer (ISSO) will support the Unmanned Carrier Aviation Program Office (PMA-268) at Patuxent River Naval Air Station in Lexington Park, MD. PMA-268 is responsible for the MQ-25 Stingray unmanned air system.

Job Responsibility

  • Assess and validate PMA-268 RMF packages (Authorizations to Operate (ATOs) and Interim Authorizations to Test (IATTs))
  • Coordinate development of the Security Assessment Plan (SAP) with Integrated Product Team (IPT) SSE and system ISSO
  • Submit SAP for approval
  • Execute the SAP
  • Provide a summary of failed controls in Enterprise Mission Assurance Support Service (eMASS) (Risk Assessment)
  • Complete the Security Assessment Report (SAR)
  • Provide POA&M update recommendations to the PMA/IPT based on assessment results
  • Ensure traceability of all vulnerabilities from raw assessment results to the POA&M
  • Support Continuous Monitoring (ConMon) activities (e.g., annual security reviews, system changes, Memorandums for the Record (MFRs))
  • Create consolidated list of mitigation statements for POA&Ms (unclassified) to assist ISSOs with established mitigation statements for common non-compliant security controls
  • Establish and execute a PMA-268 vulnerability management program, to include developing guidance for VRAM record creation and management
  • Develop a PMA Vulnerability and Patch Management Policy
  • Coordinate development of System level Vulnerability and Patch Management Plans (VPMP)
  • NAVAIR Rapid Response Lead for PMA-268
  • Attend Rapid Response meetings
  • Coordinate consolidated PMA-268 responses to Orders received (i.e. EXORD, OPORD, TASKORD)
  • Monitor the NAVAIR Vulnerability Management Channel for notifications daily
  • Maintain the PMA-268 Cyber Directive Status tracker
  • Create and maintain a Cyber Directives tracker on SIPR summarizing the orders
  • Manage PMA-268 Portfolio VRAM records
  • Support PMA-268 Cyber Lead in execution of the PMA-268 Cybersecurity Program
  • Provide assistance and guidance to PMA-268 ISSOs
  • Update and sustain PMA-268 RMF Training Slides
  • Assist in the development of eMASS Common Control Packages (CCPs)
  • Develop RMF security control family templates
  • Develop PMA Incident Response Plan
  • Coordinate and provide oversight for all MOU/ISA efforts required in support of cyber authorizations or system use

Requirements

  • Strong customer relations, analytics, and documentation skills
  • Self-starter, highly motivated, strong work ethic with a commitment to quality
  • Microsoft Office suite proficiency, i.e., Word, Excel, PowerPoint
  • Ability to work within a challenging, fast-paced, team-oriented environment
  • Ability to work independently
  • Ability to multi-task and meet competing, deliverable deadlines
  • Detail oriented
  • Excellent interpersonal and customer service skills
  • Excellent verbal and written communication skills to provide clear status and/or communicate issues
  • Ability to adapt to evolving technology
  • Demonstrated experience in an area of engineering expertise is required
  • Bachelor’s degree in technical or scientific field from an accredited college or university
  • Three (3) years of recent and relevant experience
  • This position requires an Active Secret Security Clearance
  • U.S. Citizen

What we offer

  • Medical Coverage
  • Employer Paid Dental, Vision, Basic Life/AD&D, Short-Term/Long-Term Insurance
  • Health Savings Account with Contribution by Employer
  • 401K Plan with Employer Matching
  • Annual Discretionary Bonuses
  • Paid Time Off
  • Eleven (11) Paid Holidays
  • Certification reimbursement program
  • Tuition Reimbursement Program
  • Paid Parental Leave
  • Employee Assistance Program (EAP)
  • Rewards and recognition programs
  • Community outreach events through our KAIROS Kares group

Similar Jobs for Vulnerability Management Lead, Information System Security Officer (8 matching positions)

SCIF Manager / Information System Security Officer

Astrion has an exciting opportunity for an SE-3 SCIF Manager/ ISSO Mid-Level at ...
Location: United States, Eglin Air Force Base
Salary: Not provided
Astrion
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in a technical discipline and a minimum of 3 years of technical experience. Additional experience may be substituted for education
  • Active Top Secret, Top Secret/SCI eligibility required
  • U.S. Citizenship is required
  • Must possess a DOD 8140, DoD Cybersecurity Workforce Framework (DCWF) certification or higher
  • As the SCIF Manager – knowledgeable professional with a solid background in secure facility operations and national security compliance
  • As the ISSO - experience with implementing and maintaining security controls
  • Experience in monitoring the systems for vulnerabilities and ensuring that all security patches and updates are applied
  • Understanding of Air Force cybersecurity policies and procedures using Air Force guidance
  • Organized, detail-oriented expert capable of maintaining the highest standards of information security while managing complex facility requirements
  • Excellent communication and customer interface skills
Job Responsibility
  • Respond to Information System Security Manager’s guidance in maintaining compliance with system security requirements
  • Lead the daily operations, maintenance, and security of Sensitive Compartmented Information Facilities (SCIFs), ensuring all systems comply with applicable security protocols and federal guidelines, including ICD 705, NISPOM, and DoD regulations
  • Implement and maintain security controls for information systems within the SCIFs
  • Monitor the systems for vulnerabilities and ensure that all security patches and updates are applied
  • Assist with the implementation and enforcement of all Air Force cybersecurity policies and procedures using Air Force guidance
  • Accomplish cybersecurity incident monitoring and response
  • Manage multiple SCIF accreditation processes from start to finish, including coordination with accrediting authorities, documentation preparation, inspections, and audits
  • Establish and enforce physical and technical security standards within SCIF environments
  • Ensure strict control over access, surveillance systems, secure communications, TEMPEST requirements, and secure storage
  • Lead and mentor personnel involved in SCIF operations, including special security representatives and facility support staff
What we offer
  • Competitive salaries
  • Continuing education assistance
  • Professional development
  • Multiple healthcare benefits package options
  • 401K with employer matching
  • Competitive time off policy along with a federally recognized holiday schedule
  • Fulltime

Lead Information Systems Security Officer (ISSO)

We are seeking an experienced and driven Lead Information Systems Security Offic...
Location: United States, Colorado Springs
Salary: 97016.00 - 168692.00 USD / Year
Arcfield
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree (8-10 years' exp), Master's degree (6-8 years' exp) or a PhD (3-5 years' exp) in Computer Science, Information Security, Cybersecurity, or a related discipline (or equivalent work experience)
  • 7+ years of experience in cybersecurity or system security-related roles
  • 3+ years of experience in leadership, mentoring, or team management roles in a security-focused environment
  • Proven hands-on experience with security operations, policies, and frameworks
  • Must possess and maintain an ACTIVE TS/SCI CLEARANCE
  • Strong knowledge of cybersecurity frameworks and standards, such as NIST Risk Management Framework (RMF), FISMA, ISO 27001/27002, and GDPR
  • Thorough understanding of operating systems security (Windows, Linux, and Unix), network protocols, and security tools such as firewalls, VPNs, IDS/IPS, and endpoint protection
  • Experience using vulnerability scanning tools such as Nessus, Qualys, or Rapid7, and security information and event management (SIEM) tools like Splunk or LogRhythm
  • Scripting and automation experience with languages like Python, PowerShell, or Bash is preferred
  • Familiarity with cloud security best practices for platforms such as AWS, Microsoft Azure, or Google Cloud Platform
Job Responsibility
  • Manage and oversee a team of ISSOs, analysts, and engineers
  • Provide mentorship, training, and guidance for developing team members' skills and expertise
  • Assign and prioritize security-related tasks and initiatives
  • Drive the implementation of best practices for system security
  • Serve as the primary SME on security policies, frameworks, and applicable standards
  • Develop, implement, and maintain System Security Plans (SSPs)
  • Lead periodic risk assessments and vulnerability assessments
  • Manage the certification and accreditation (C&A) process
  • Conduct security audits and reviews
  • Monitor and assess security-related control systems
What we offer
  • Health Insurance
  • Life Insurance
  • Paid Time Off
  • Holiday Pay
  • Short Term and Long-Term Disability
  • Retirement and Savings
  • Learning and Development opportunities
  • Wellness programs
  • Fulltime

System Engineer - Information Systems Security Officer

Founded in 2007 and headquartered in Columbia, Maryland, Synergy ECP is a leadin...
Location: United States, Annapolis Junction
Salary: 150000.00 - 200000.00 USD / Year
Synergy ECP
Expiration Date: Until further notice
Requirements
  • Must possess active TS/SCI with polygraph clearance
  • Fourteen (14) years' experience as a SE in programs and contracts of similar scope, type and complexity
  • Bachelor's degree in System Engineering, Computer Science, Information Systems, Engineering Science, Engineering Management, or related discipline from an accredited college or university
  • Five (5) years of additional SE experience may be substituted for a bachelor's degree
Job Responsibility
  • Analyzes user's requirements, concept of operations documents, and high-level system architectures to develop system requirements specifications
  • Analyzes system requirements and leads design and development activities
  • Guides users in formulating requirements, advises alternative approaches, and conducts feasibility studies
  • Provides technical leadership for the integration of requirements, design, and technology
  • Incorporates new plans, designs and systems into ongoing operations
  • Develops technical documentation
  • Develops system Architecture and system design documentation
  • Guides system development and implementation planning through assessment or preparation of system engineering management plans and system integration and test plans
  • Interacts with the Government regarding Systems Engineering technical considerations and for associated problems, issues or conflicts
  • Ultimate responsibility for the technical integrity of work performed and deliverables associated with the Systems Engineering area of responsibility
What we offer
  • Highly competitive compensation
  • Comprehensive Health Benefits package
  • 401K Retirement plan
  • People Partners to help navigate both personal and professional worlds
  • Strong wellness related resources offered through our healthcare provider
  • Company-sponsored continuing education program
  • Generous Paid Time Off
  • 11 paid holidays a year
  • Flexible work options
  • Participation in philanthropy and volunteer opportunities
  • Fulltime

Information System Security Engineer - Senior

In support of a challenging, critical, and rewarding program that provides integ...
Location: United States, Warrenton
Salary: 185000.00 USD / Year
Amentum
Expiration Date: Until further notice
Requirements
  • Must have active Top-Secret clearance with SCI or TS with the ability to acquire SCI
  • Knowledge and experience with NESSUS/ACAS and Trellix administration
  • Experience in Splunk role while working in a Splunk Clustered Environment
  • Must be able to work a 40-hour work week, normally Monday through Friday
  • Ability to work overtime during critical peaks and be available to meet last-minute requests for overtime if needed
  • Ability to travel (5-10%) primarily within 75 miles
  • Familiarity with MS Office applications such as Excel, Word, Outlook, SharePoint, Project, and Visio
  • Exceptional attention to detail
  • Excellent verbal and written communication skills
  • Strong critical thinking, organizational, time-management, and problem-solving skills
Job Responsibility
  • Endpoint Security Engineering (Trellix/ePO): Expertly design, configure, and maintain Trellix components (ePO, Trellix Agent, DLP, HIPS, Policy Auditor, ABM, and VSE) across Windows and Linux environments
  • Author and deploy endpoint security policies for ENS modules (Threat Prevention, Firewall, Web Control) based on DISA STIGs and organizational needs
  • Develop custom signatures, rules, and exceptions to address zero-day threats and specific operational requirements
  • Validate custom exceptions to ensure uninterrupted operation of mission-critical processes without compromising compliance
  • Vulnerability Management (ACAS/Nessus): Design enterprise-wide vulnerability scanning strategies and manage the deployment of Security Centers and Nessus scanners
  • Serve as the final escalation point for complex scan issues, credentialing problems, and system communication failures
  • Configure automated reporting of compliance data to continuous monitoring systems and risk-scoring repositories
  • Security Integration & Engineering: Integrate Trellix and ACAS with tools such as Splunk, XSOAR, and ServiceNow to automate workflows and enhance incident response
  • Provide authoritative recommendations and ACAS-generated artifacts to support the Assessment and Authorization (A&A) process and RMF packages for Authority to Operate (ATO)
  • Lead the maintenance and scalability of test, development, and operational environments, collaborating with Network and DevSecOps teams to enhance resilience
What we offer
  • Health, dental, and vision insurance
  • Paid time off and holidays
  • Retirement benefits (including 401(k) matching)
  • Educational reimbursement
  • Parental leave
  • Employee stock purchase plan
  • Tax-saving options
  • Disability and life insurance
  • Pet insurance
  • Fulltime

Chief Information Security Officer

Location: Egypt, New Cairo
Salary: Not provided
Ethics HR
Expiration Date: Until further notice
Requirements
  • Bachelor’s/Master’s degree in Information Security, Computer Science, Engineering, or related field from a reputable university
  • 12-15+ years of progressive experience in information security, cybersecurity, or technology risk roles, preferably in banking or financial services
  • Strong knowledge of Central Bank of Egypt cybersecurity frameworks, digital banking guidelines, and financial-sector regulations
  • Deep understanding of security technology, network security, IAM, application security, and SOC operations
  • Experience overseeing incident response, security architecture, and enterprise-wide risk management
  • Professional certifications preferred (CISSP, CISM, CRISC, CCSP or equivalent)
  • Strong knowledge of international standards like ISO 27001/27002 and global best practices for financial data protection
  • Strong leadership, communication, and stakeholder management skills with the ability to influence senior executives and steer enterprise-level decisions
Job Responsibility
  • Define and execute the bank’s enterprise information security strategy in alignment with the business and regulatory requirements
  • Establish security governance frameworks, policies, and standards across all technology and business functions
  • Oversee cybersecurity programs including threat detection, incident response, vulnerability management, and security operations
  • Lead enterprise-wide technology risk management, ensuring effective identification, assessment, and mitigation of risks
  • Ensure full compliance with Central Bank of Egypt cybersecurity mandates, digital banking requirements, and data protection regulations
  • Develop and manage the Cloud Security Architecture (e.g., AWS, Azure) strategy, ensuring secure configuration and compliance for all digital infrastructure
  • Establish Security Metrics and Key Risk Indicators (KRIs) for regular reporting to the Board and Executive Committee, demonstrating the effectiveness of the security program
  • Implement and govern API Security standards and best practices to protect data exchange within the digital ecosystem and external partners
  • Formally manage and sign off on outsourcing security agreements (third-party risk) to meet specific CBE requirements for external service providers
  • Coordinate internal and external audits, penetration tests, and security assessments

Information Security Officer

This role plays a vital part in the development and delivery of a comprehensive ...
Location: United Kingdom
Salary: 40000.00 GBP / Year
Webrecruit
Expiration Date: Until further notice
Requirements
  • Experience working with Service Management processes based on the ITIL methodology
  • Experience of implementing ITSM policies across a large organisation
  • Experience architecting and implementing security solutions, policies, and technologies
  • Experience of implementing DR and BCP systems and procedures, within the context of IT
  • Ability to manage and deliver Projects through to successful conclusion
  • Extensive experience of the Cyber Essentials standard
  • Knowledge/Experience of implementing a SIEM solution
  • Able to implement/facilitate the actions arising from PEN testing
  • Able to carry out vulnerability scanning and manage the actions therefrom using ManageEngine tools
  • Ability to build and publish security policies as required by the group
Job Responsibility
  • Providing security management of Sue Ryder’s IT systems and services, ensuring that active directory, anti-virus, firewalls, disaster recovery, business continuity, vulnerability testing and secure working practices are implemented and maintained
  • Implement and monitor information security policies and procedures in line with frameworks such as ISO and PSN
  • Lead on the appropriate security requirements needed for various projects
  • Plan, conduct, and lead on complex reviews to evaluate compliance with our various legal requirements
  • Actively take the lead and resolve any security vulnerabilities and threats
What we offer
  • Company pension scheme
  • 27 days holiday - rising to 33 with length of service plus bank holidays
  • Enhanced maternity and paternity pay
  • Enhanced sick pay
  • Employee Networks - LGBTQ+, Ethnic Diversity and Equality, People with Disabilities, and Women and Non Binary Individuals
  • Staff discount of 10% on new goods online at shop.sueryder.org
  • Structured induction programme and learning and development opportunities
  • Fulltime

Chief Information Security Officer

We are seeking an experienced Chief Information Security Officer to lead our inf...
Location: United Kingdom, London
Salary: Not provided
Sokin
Expiration Date: Until further notice
Requirements
  • 10+ years in information security with 5+ years in senior security leadership roles
  • Experience in regulated financial services (payments, banking, or fintech)
  • Track record of building and leading security teams in scale-up environments
  • Experience with FCA regulation, PCI-DSS compliance, and financial services audits
  • Hands-on experience with security incident response and crisis management
  • Deep knowledge of AWS security services (GuardDuty, Security Hub, WAF, KMS, CloudTrail, Config)
  • Experience with containerised environments (EKS/Kubernetes) and serverless security
  • Strong understanding of network security, zero trust architecture, and micro-segmentation
  • Proficiency with SIEM platforms (Splunk, Datadog Security, or equivalent)
  • Knowledge of application security tools: Wiz, SonarQube, Burp Suite, OWASP ZAP
Job Responsibility
  • Define and execute the enterprise information security strategy aligned with business objectives
  • Establish and maintain the Information Security Management System (ISMS) to support constant certification readiness with PCI DSS, ISO 27001 and SOC2
  • Own security policies, standards, and procedures across the organisation
  • Report to the Board and senior leadership on security posture, risk exposure and programme maturity
  • Manage security budget and resource allocation
  • Lead enterprise security risk assessments and maintain the infosec item on the risk register
  • Ensure compliance with FCA operational resilience requirements and SYSC guidelines
  • Maintain PCI-DSS Level 1 compliance across payment processing infrastructure
  • Oversee GDPR, UK Data Protection Act, and international privacy compliance
  • Manage relationships with external auditors, penetration testers, and regulatory bodies
What we offer
  • Competitive salary and equity participation
  • Hybrid working with flexibility
  • Private healthcare
  • Pension contribution
  • Professional development budget
  • Opportunity to shape security strategy at a high-growth fintech

Information Systems Security Officer

This position provides support to the 46 Test Squadron - Sensors and Defensive S...
Location: United States, Eglin Air Force Base
Salary: Not provided
Astrion
Expiration Date: Until further notice
Requirements
  • Bachelor's Degree in a technical field and 3 - 10 years of relevant experience
  • An active Secret security clearance eligibility, and the ability to obtain and maintain a Top-Secret SCI security clearance and SAP program access
  • U.S. Citizenship is required for all applicants
  • Past DoD cybersecurity experience is required
  • Background in Special Access Programs (SAP) Cybersecurity with demonstrated expertise with on-prem and cloud-based networks
  • Understanding of the Risk Management Framework (RMF) lifecycle for DoW systems in a SAP environment, specifically experience in NIST 800-53 security controls and the Joint Special Access Program Implementation Guide (JSIG)
  • Knowledge of and experience designing, developing, and managing IT and cyber systems with the ability to evaluate emerging technologies and integrate them into existing architectures
  • Knowledge of and experience planning, organizing, and directing IT activities which comply with legal, regulatory, and AF/DoW-directed requirements and meet mission and customer needs
  • Ability to plan, organize, and lead others in studies or projects and to implement recommendations which may require substantial resources and/or require extensive procedural changes
  • Strong project management skills with meticulous record keeping
Job Responsibility
  • Risk Management Framework (RMF) and System Authorization: Lead and implement the full lifecycle of the Assessment and Authorization (A&A) process for classified information systems, ensuring compliance with government frameworks and other relevant directives
  • Security Control Implementation and Assessment: Implement, assess, and monitor security controls to safeguard classified networks and information
  • Vulnerability Management and Mitigation: Perform regular vulnerability and risk assessments to identify and prioritize threats and create POA&Ms to address them
  • Performs Security Technical Implementation Guide (STIG) assessments and Assured Compliance Assessment Solution (ACAS) scans as required
  • Applies Security Technical Implementation Guide (STIG) best practices to a wide range of information systems, networking equipment, and software
  • Incident Response and Reporting: Act as a key player in incident response activities, including investigation and reporting
  • Configuration Management and System Integrity: Provide configuration management for all security-related software, hardware, and firmware. Ensures system changes are conducted in accordance with security policy and procedures
  • Security Documentation and Compliance: Prepare, review, and maintain all security documentation, ensuring they are current and accessible. In coordination with the ISSM, develop system-level security procedures that are consistent with cybersecurity policies. Prepares and reviews comprehensive security documentation, including System Security Plans (SSPs), Risk Assessment Reports, Plan of Action and Milestones (POA&M), network hardware and software baselines, and Authorization To Operate (ATO) packages
  • Security Awareness and Training: Develop and provide security-related training to all personnel with access to classified systems, ensuring they are aware of their responsibilities and the latest security procedures. You will promote a culture of security awareness to minimize violations
  • Liaison and Communication: Serve as a primary point of contact and interface with government customers, suppliers, and internal company personnel to implement protective mechanisms and ensure compliance with all cybersecurity requirements
What we offer
  • Competitive salaries
  • Continuing education assistance
  • Professional development
  • Multiple healthcare benefits package options
  • 401K with employer matching
  • Competitive time off policy along with a federally recognized holiday schedule