June 25, 2026For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above. It's a better process: facilitating a continuous ATO through real-time monitoring and dashboards that provide single pane of glass visibility into control compliance, zero-trust built-in to system design from day one, continuous evidence that gives auditors real-time proof instead of point-in-time packages, and an ATO that program teams can inherit rather than pursue.
Washington, D.C.1 day ago
With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which we’re known, and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale. Experience conducting incident response across vendors, internal stakeholders, and program owners, including implementing, and coordinating the response plan, overseeing the technical response, and coordinating with legal, technical, and communications teams.
p>Shift 1st shift United States of America Hours Per Week 40 Learn more about this role View transcript Close transcript Music in background throughout On screen copy Bank of America logo Technology Architect Technology Architect At Bank of America, I help shape the technology strategy that powers our global business. Information Security Architect - AI & Cloud Security is a senior member of the BISO Secure Solutions Design team responsible for defining secure architecture patterns, assessing emerging AIML solutions, and ensuring alignment with Global Information Security (GIS) policies and enterprise architecture strategies.
Arlington, VA30+ days ago
This position ensures information systems security compliance and manages security controls for DoD cloud migration projects while coordinating security accreditation activities and maintaining ongoing security posture. INFORMATION SYSTMES SECURITY OFFICER - CLOUD SECURITY SPECIALIST (NAUT): Bowhead seeks an Information Systems Security Officer (ISSO Cloud) to support our customer on the Nautical contract in the Arlington, VA area.
li>Escalates high-risk vendor scenarios to senior leadership with well-documented context and recommended actions (e.g., significant control gaps identified during assessment, vendors handling sensitive data without required safeguards, or unresolved critical findings nearing go-live timelines). Candidate will also assist in managing relationship with Service Providers who are responsible for the actual delivery of services, managing outcomes and results, and collaborating with stakeholders across IT and business departments to develop strategies for securing company information and assets.
li>Translating "Geek to Greek": The unique ability to explain a highly complex technical vulnerability to a non-technical Board member or leadership team using simple, non-alarmist analogies. Hands-on & Strategic Balance: Proven track record of operating at a high strategic level with the ability to "roll up your sleeves" to troubleshoot complex architectural issues, infrastructure outages, or urgent security incidents alongside engineers.
Washington, District of Columbia9 days ago
li>Provide leadership supporting a team to streamline and maintain a modern compliance model for cybersecurity safeguards, including access controls, MFA, encryption, asset classification, change management, patch management, network segmentation, firewalls, detection technologies including network and endpoint security, insider threat protection, logging and network monitoring, and vulnerability management.
Proactively identify, assess, and prioritize IT risks to data and systems in coordination with OT portfolio management and OERM including internal/external threats, cyber-crimes, and vendor/third-party risks; partner with OERM or relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
You will create a new Information Security software build capability, build new data storage and analytics capabilities to enable Data Science use cases, contribute to infrastructure and tooling initiatives for Microsoft Power BI and other reporting and metrics platforms, be the subject matter expert for our internal analytics products, and foster a high-performance culture and cultivate an environment that promotes excellence and reflects the TransUnion brand. You will work across multiple Cyber Fusion Engineering functions including Security Analytics Engineering, Attack Surface Management, and Cyber Threat Intelligence and Cybercrime, with a primary focus on building internally developed systems.
Reston, Virginia30+ days ago
You will work across multiple Cyber Fusion Engineering functions including Security Analytics Engineering, Attack Surface Management, and Cyber Threat Intelligence and Cybercrime, with a primary focus on building internally developed systems. Adherence to Company policies, sound judgment and trustworthiness, working safely, communicating respectfully, and safeguarding business operations, confidential and proprietary information, and the Company’s reputation are also essential expectations of this position.
Washington, DC30+ days ago
Contribute to the ongoing information security initiatives and improvements, development, implementation, and maintenance of information security for FLUOps Serves as an Information Security subject matter expert and participates in the development, implementation, and maintenance of information security for FLUOps Provides guidance and advocacy regarding the prioritization of investments that impact information security Advises management on risk issues related to information security and recommends actions in support of the banks wider risk management and compliance programs Monitors information security trends, internal and external to the bank, and keeps leadership informed Manages quality control and reporting Ensures compliance with policies and laws. Drives GISFLUOps risk deliverables Collaborates with risk partners on info security critical priorities Participates in senior FLUOps specific Risk Management & Business Continuity Routines Identifies and measures global information security GIS controls on most critical business processes or channels.
p>Candidate Resources Chantilly Charleston Colorado Springs Crane El Segundo Fort Meade Hampton Roads Hawaii Huntsville Reston San Diego Southern Maryland St. Louis Washington DC View All Locations Business Management Cyber Cloud Data Science DevSecOps Electrical Engineering Mechanical Engineering Network Engineering Software Engineering Systems Engineering Technical Support View All Career Fields. Please apply through the internal career site here > Address 12010 Sunset Hills Road Reston VA Facebook Page Instagram Feed X Feed Linkedin Page Youtube Page What We Do Mission IT Engineering Services Enterprise IT Professional Services Who We Serve Federal Civilian State and Local Defense Intelligence Community Space Contracts Who We Are About SAIC Investors Newsroom National Imperatives Partnerships Suppliers and Small Business Careers Employee Tools Contact Us 2025 SAIC.
li>Build and administer core network and systems security controls, including: Next Gen firewalls, ZTNA - Zero Trust Network Architecture, intrusion detection and prevention, anti-malware, application whitelisting, host intrusion prevention, endpoint detection and response (EDR), vulnerability scanners, content monitoring/filtering, and security monitoring (SIEM). This role is responsible for managing the controls that protect the organization''s computer networks, systems, and data from cyberattacks, working closely with IT teams to identify, assess, and mitigate security risks, and supporting incident response to contain the damage from security incidents and prevent future attacks.
Washington Dc, District of Columbia16 days ago
The Senior ISSO will ensure proper access controls are implemented for both system access and physical access to data processing facilities, track and suggest technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access, and research and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and network and device security and encryption. Critical deliverables include preparing Security Test Plans 90 days prior to testing and Security Test Reports within 15 days after testing, generating Risk Assessment Reports within 0 to 15 days after analysis completion, and producing Weekly Activity Reports and Monthly Program Reports to track progress and compliance.
Washington Dc, District of Columbia16 days ago
Critical deliverables include preparing Security Test Plans 90 days prior to testing and Security Test Reports within 15 days after testing, generating POA&Ms within 0 to 15 days after vulnerability identification, and updating System Security Plans, Configuration Management Plans, and Contingency Plans annually or when changes occur. This position requires following the Information Systems Security Officer (ISSO) Guide when developing, updating, or reviewing required security artifacts and tracking and suggesting technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access.
Perform and support risk assessments, threat and vulnerability management, audits, and incident response activities, serving as a domain expert in coordination with the Computer Security Incident Response Team (CSIRT). What you will be doing: Acting as the primary information security partner to assigned business lines and operating companies, providing risk insights and practical mitigation guidance to strengthen the enterprise cybersecurity posture.
With annual revenue of US$57 billion in FY2025, Oracle is the world's largest EHR implementation, serving more than 9.5 million beneficiaries spanning the United States, Europe, and the Asia Pacific region; has 5 million registered members of Oracle's customer and developer communities; and 469 independent user communities in 97 countries representing more than 1 million members. About the Oracle Veteran Internship Program (OVIP):
Oracle is proud to sponsor an internship and integration program that exposes transitioning military veterans and active-duty Military Spouses new to the corporate culture, provides hands-on job-skill training and experience, and offers enhanced professional and personal development.
Gaithersburg, MD16 days ago
The ISSO is responsible for meeting regulatory and non-regulatory compliance (security best practices) demands, providing leadership over security assessment activities, working across system ownership and management organizations to test security controls, policies, and procedures, providing program management support, team leadership, and participating in and coordinating the support as needed for security assessment and activities The ISSO also manages and enforces government and corporate information security policies, provides training, and educates end users and program staff about proper security practices. The ISSO conducts security and risk assessments as required using a range of security accreditation frameworks (e.g., NIST, RMF, Common Criteria, DoD, the Intelligence Community Directives (ICDs)), and works to mitigate risks by applying security controls effectively to achieve an acceptable degree of operational risk.
Our talented team is at the forefront in Security Engineering, Computer Network Operations (CNO), Mission Software, Analytical Methods and Modeling, Signals Intelligence (SIGINT), and Cryptographic Key Management. Apply system security engineering expertise in areas such as system security design, life cycle, risk management, and security testing, using industry system security engineering methodologies.
Reston, Virginia16 days ago
Apply system security engineering expertise in one or more of the following to: system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification; authentication; and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control); and security testing. Mantis Security is a leading specialty firm of high caliber talent who specialize in Cyber Operations, Cyber Defense, Information Assurance, Software Development, DevSecOps, Security Engineering, and Cloud Engineering.
Washington, DC30+ days ago
p style="margin-bottom:26px">We are seeking a Junior Level ISSO to carry out the following duties and responsibilities: - Services to support IS Security performed by the Information System Security Officer (ISSO) at a minimum, shall consist of to the following activities:
- Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS. The contract’s support functions are: IA Management, Federal Information Security Management Act (FISMA) coordination and reporting, Risk Management Framework (RMF) application, IA compliance measurements and metrics, Assessment and Authorization (A&A), Vulnerability Management, and Cyber Defense support.
li>Assist in systems/software engineering functions, to include creation of data flow diagrams, interface control documents, perform trade studies, and Static Application Security Testing (SAST) for Application Security and Development Secure Technical Implementation Guide (STIG) compliance using tools such as Fortify/Coverity and Gitlab as part of a DevSecOps Continuous Integration/Continuous Deployment (CI/CD) Pipeline, and generation of summary reports. Perform skills in implementing/assessing security controls, to include writing system security categorization memorandum, recommending appropriate security control overlays, define security control baseline based on defined system security categorization and approved security overlays, and apply security controls to computing/network nodes and verify implementation of security controls.
Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law. For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
It's a better process: facilitating a continuous ATO through real-time monitoring and dashboards that provide single pane of glass visibility into control compliance, zero-trust built-in to system design from day one, continuous evidence that gives auditors real-time proof instead of point-in-time packages, and an ATO that program teams can inherit rather than pursue. You take pride in delivering high-quality work with minimal oversight, exercising sound judgment, and serving as a trusted cybersecurity advisor to both technical teams and leadership.
The Senior ISSO will ensure proper access controls are implemented for both system access and physical access to data processing facilities, track and suggest technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access, and research and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and network and device security and encryption. Critical deliverables include preparing Security Test Plans 90 days prior to testing and Security Test Reports within 15 days after testing, generating Risk Assessment Reports within 0 to 15 days after analysis completion, and producing Weekly Activity Reports and Monthly Program Reports to track progress and compliance.
p>The position combines security operations leadership, regulatory and compliance ownership, and security product responsibility, ensuring that both internal systems and customer‑facing products meet security, resilience, and vulnerability management expectations throughout their lifecycle. This role oversees daily security operations, manages compliance and governance activities, and owns the integration of security and regulatory requirements, including those introduced by the Cyber Resilience Act, into product development, lifecycle management, and operational processes.
McLean, Virginia30+ days ago
p>· Experience: A minimum of 5-8 years of experience in information security engineering, system administration, and/or cybersecurity, with hands-on experience in implementing security controls and supporting authorization processes. · Collaboration and Guidance: Serve as a subject matter expert, providing guidance to development, engineering, and program teams on secure design, development, and secure coding techniques.
Washington, DC30+ days ago
The Opportunity: The Senior Information System Security Manager (ISSM) shall provide leadership and oversight for designated Information System Security Officers (ISSOs) and other cybersecurity personnel to support customer systems throughout the Risk Management Framework (RMF) lifecycle. Oversee execution of the NIST Risk Management Framework (RMF) for assigned systems (categorize, select, implement, assess, authorize, and monitor controls), ensuring artifacts and activities for each RMF step are planned, documented, and kept current.
Critical deliverables include preparing Security Test Plans 90 days prior to testing and Security Test Reports within 15 days after testing, generating POA&Ms within 0 to 15 days after vulnerability identification, and updating System Security Plans, Configuration Management Plans, and Contingency Plans annually or when changes occur. This position requires following the Information Systems Security Officer (ISSO) Guide when developing, updating, or reviewing required security artifacts and tracking and suggesting technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access.
p>The fraudulent LinkedIn messages and emails, which do not originate from any Executives LinkedIn account or of UnitedHealth Group's email domains, or those of any of its operating divisions, supposedly conducts an interview via a Zoom meeting, offers a work from home job at Optum, emails an application, sends a fake check by next day delivery through USPS and asks recipients to pay a vendor a large dollar amount. Own the end-to-end security architecture and operational strategy for enterprise edge security platforms, including Cloudflare and Akamai (covering WAF, DDoS, bot management, TLS, DNS, and edge traffic management).
p>Experience: Have Four years of related specialty IT experience (for example, but not limited to: system engineering, network engineering, information security, application programming, systems design, hierarchical/relational database management, GIS experience, custom report writing or developing and supporting cloud-based software integration). You can learn about our benefits here: https://humanresources.baltimorecity.gov/hr-divisions/benefits.
Washington, District of Columbia10 days ago
You’ll work across teams and integrate with other disciplines and teams for mission protection and success and serve as an expert for Classified National Security Information (CNSI), Controlled Unclassified Information (CUI), and Sensitive but Unclassified (SBU) information security programs, while supporting USCG-wide information security policy development, compliance, and training activities. The anticipated compensation range for this position is $60,000-130,000.Multiple considerations are taken into account when determining the final salary/hour rate, including but not limited to, Contract Wage Determination, education and certifications, relevant work experience, related skills and competencies, as well as Federal Government Contract Labor categories.
The role also supports the ability to maintain assurance in our technical security controls, especially on the Cloud, so that risks to the confidentiality, integrity, and availability of the bank's information systems and infrastructure are sufficiently mitigated which in turn, supports the bank's operational and compliance goals. City First Bank N.A. is a mission-driven Community Development Financial Institution (CDFI) principally focused on a transformative impact in underserved, urban markets with the highest needs to drive equitable economic development.
li>Support data validation and communications on the impact of identified operational, compliance, process, control, and tooling gaps and potential remediation courses of action to multiple audiences, including leadership, to support the enhancement of their cybersecurity postures.
Coordinate and execute proactive Information Security consulting to the business and technology teams covering Infrastructure Security, Resiliency, Data Security, Network Architecture and Design, and User Access Management.
Washington, DC30+ days ago
Responsibilities: The Intermediate Information System Security Officer (ISSO) shall provide support to the designated Information System Security Officer (ISSO) to ensure customer systems maintain their Authority to Operate (ATO) with a security posture in accordance with DHS 4300A and NIST SP guidance. Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications.
li>You have experience in securing large-scale e-commerce platforms, with deep understanding of payments systems, customer data protection across high transaction environments ensuring protection of user data across internal and partner ecosystems.
2+ years of experience evaluating AI technologies and integrations for security, privacy, and compliance risks, with knowledge of common AI attack vectors, model vulnerabilities, prompt injection, data leakage, model abuse, and supply chain risks.
Quantico, Virginia30+ days ago
div>Requisition #: 1413
Job Title: Information Security Specialist
Clearance: Active TS Required
Location: Quantico, VA – 100% on-site
Travel: Not anticipated
Overview:
Agile Defense is an award-winning national security company looking for a Senior Systems Engineer to support our contract with a federal law enforcement agency.
This position will offer you a chance to support a federal agency by assessing, improving, monitoring, and documenting the security posture for an enterprise IT system.
About Agile Defense
At Agile Defense we know that action defines the outcome and new challenges require new solutions.
Washington, DC30+ days ago
p style="margin-bottom:26px">We are seeking a Senior Cloud ISSO to carry out the following duties and responsibilities: - Services to support IS Security performed by the Senior Cloud Information System Security Officer (ISSO) at a minimum, shall consist of to the following activities:
- Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS. The contract’s support functions are: IA Management, Federal Information Security Management Act (FISMA) coordination and reporting, Risk Management Framework (RMF) application, IA compliance measurements and metrics, Assessment and Authorization (A&A), Vulnerability Management, and Cyber Defense support.
Chantilly, Virginia18 days ago
li>Develop and maintain cybersecurity documentation supporting RMF and Assessment & Authorization (A&A) activities, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), risk assessments, and related artifacts. Minimum of three (3) years of experience supporting Information System Security Engineering (ISSE), cybersecurity engineering, information assurance, risk management, or related cybersecurity disciplines.
li>Coordinate and execute proactive Information Security consulting to the business and technology teams covering API Security, File Transfer, Infrastructure Security, Resiliency, Data Security, Network Architecture and Design, Datalake Architecture, BI, and consumption tools, and User Access Management.
If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at RecruitingAccommodation@capitalone.com.
li>Ensure that assigned systems are operated, maintained, and disposed of in accordance with applicable policies and procedures NIST SP 800-37, Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy, DHS 4300A Policy and Handbook, CBP Information Systems Security Policies and Procedures Handbook (HB 1400-05), and internal CBP (i.e., Office of Information Technology, Security Operations Division, etc.) security policies and practices.
Develop, review, maintain, and provide system security documentation for assigned systems, including System Security Plans, Interconnection Security Agreements, Contingency Plans, Plans of Action and Milestones, (POA&M), Waivers, and Exceptions through the DHS FISMA system management tool in use to implement and manage the NIST Risk Management Framework.
Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. The ISSM will also play a key role in fostering a culture of security awareness across the organization and representing the organization in interactions with external stakeholders, including government agencies, auditors, and vendors.
In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. The Lead Information Security Engineer will serve as a technical expert, designing and implementing DDoS Mitigation for Federal Customers and providing subject matter expertise on worldwide DDoS threats.
p>Preferred Qualifications (Desired Skills/Experience): • 5+ years of experience as an information system security officer (ISSO) or information system security manager (ISSM) supporting classified programs • 5+ years of experience utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include NESSUS, ACAS, DISA STIGs, SCAP, Audit Reduction, and HBSS • 5+ years of experience assessing and documenting test or analysis data to show cyber security compliance.
Basic Qualifications (Required Skills/Experience):
• Successfully completed Tier 5 Investigation (T5), formerly known as a Single Scope Background Investigation (SSBI) by the federal government within the last 5 years, or requires candidate to have been enrolled in a Continuous Vetting program within the last 5 years • Currently hold certification in good standing to satisfy IAM Level III (CISSP, GSLC, or CISM) • 5+ years of experience in cybersecurity policies and implementation of Risk Management Framework (RMF): e.g.
Springfield, Virginia1 day ago
ul class="[li_&]:mb-0 [li_&]:mt-1 [li_&]:gap-1 [&:not(:last-child)_ul]:pb-1 [&:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3">Advise on system design and architecture from a security-first perspective — working with developers, engineers, and project managers to build protection in from day one. - 10+ years of experience in information security, data security administration, or a related discipline.
p>Option 1: Bachelor''s degree in computer science, information technology, engineering, information systems, cybersecurity, or related area and 2years' experience in systems and infrastructure engineering or related area at a technology, retail, or data-driven company. The engineer collaborates across teams to deliver robust, high-quality solutions while adhering to coding and security policies, contributing to continuous improvement and operational excellence within the information security domain.
Fairfax, Virginia12 days ago
AWS Certified Security - Specialty | Amazon Web Services (AWS) - Amazon Web Services (AWS), Certified Cloud Security Professional (CCSP) | International Information System Security Certification Consortium (ISC2) - International Information System Security Certification Consortium (ISC2), Certified Ethical Hacker (CEH) | EC-Council - EC-Council, Certified Information Systems Security Professional (CISSP) | International Information System Security Certification Consortium (ISC2) - International Information System Security Certification Consortium (ISC2)Experience:. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.
Join our Talent Community to stay up to date on our career opportunities and events at.
In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Must hold at least one of the following IAT Level III qualifications: Certified Information System Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP+), or other applicable IAT or IAM cybersecurity professional certifications.
In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts.
Bentonville, Arkansas US-09050: The annual salary range for this position is $110,000.00 - $220,000.00 Sunnyvale, California US-11656: The annual salary range for this position is $143,000.00 - $286,000.00 Herndon, Virginia US-10710: The annual salary range for this position is $132,000.00 - $264,000.00 Additional compensation includes annual or quarterly performance bonuses. Option 1: Bachelor''s degree in computer science, information technology, engineering, information systems, cybersecurity, or related area and 4years' experience in systems and infrastructure engineering or related area at a technology, retail, or data-driven company.
Herndon, Virginia26 days ago
p style="margin:0px">The position combines security operations leadership, regulatory and compliance ownership, and security product responsibility, ensuring that both internal systems and customer‑facing products meet security, resilience, and vulnerability management expectations throughout their lifecycle. The Senior Manager, Information Security is a key leadership role responsible for overseeing the day‑to‑day execution of the company’s information security program while ensuring readiness for evolving global cybersecurity regulations, including the EU Cyber Resilience Act.