Huntridge Labs, LLC

Role Description The Information System Security Officer (ISSO) is responsible for ensuring the security, compliance, and authorization of information systems in accordance with VA and DoD standards. This role focuses on supporting Risk Management Framework (RMF) activities, particularly for medical devices and healthcare IT systems, ensuring compliance with VA Directive 6500, HIPAA, and NIST Special Publications (800-53 Rev. 5 and 800-37). The ISSO works closely with system owners, engineers, and Authorizing Officials to maintain system security posture, support ATO processes, and ensure continuous monitoring across networked environments. Key Responsibilities - RMF & Authorization (ATO) Support - Support full lifecycle RMF activities in alignment with NIST 800-37 - Develop and maintain RMF artifacts including: - System Security Plans (SSP) - Security Assessment Reports (SAR) - Plan of Action & Milestones (POA&M) - Coordinate and support Authority to Operate (ATO) and reauthorization efforts - Work with Authorizing Officials (AO), ISSMs, and system owners - Medical Device Security (VA / DoD Focus) - Assess cybersecurity risks for network-connected medical devices - Ensure compliance with VA 6500 and relevant VA Handbook 6500.x controls - Evaluate vendor documentation and security controls for medical equipment - Support integration of medical devices into secure VA/DoD networks - Collaborate with biomedical engineering and clinical teams on risk mitigation - Network Security & Architecture - Review and understand network architectures supporting enterprise and clinical systems - Identify vulnerabilities across networked environments (LAN/WAN/cloud) - Ensure proper system boundary definitions and data flow documentation - Validate security configurations and segmentation for sensitive systems - Compliance & Controls Implementation - Implement and assess controls aligned with: - NIST SP 800-53 Rev. 5 - VA Directive 6500 - HIPAA Security Rule - Conduct control assessments and continuous monitoring activities - Track, manage, and remediate vulnerabilities - Continuous Monitoring & Risk Management - Maintain ongoing system security posture through continuous monitoring - Analyze security scan results (e.g., ACAS, Nessus, STIG compliance) - Manage and update POA&Ms and risk registers - Support incident response and reporting activities as required - Collaboration & Communication - Serve as a liaison between cybersecurity, engineering, and clinical stakeholders - Provide security guidance to system owners and project teams - Communicate risk posture clearly to leadership and compliance authorities Qualifications - Experience as an ISSO, ISSM, or cybersecurity professional in federal environments - Strong knowledge of: - NIST SP 800-53 Rev. 5 - NIST RMF (800-37) - VA Directive 6500 / 6500 series - HIPAA security requirements - Experience with ATO package development and maintenance - Understanding of network architecture and cybersecurity principles - Experience supporting DoD or VA systems (highly preferred) - Familiarity with medical device cybersecurity or healthcare IT systems Preferred Qualifications - ServiceNow CAM a HUGE PLUS - Experience with VA or DoD medical systems / biomedical environments - Knowledge of FISMA and federal compliance frameworks - Familiarity with tools such as: - eMASS (DoD) or VA equivalent systems - Vulnerability scanning tools (ACAS, Nessus) - Certifications such as: - Security+ - CISSP - CAP - CISM Key Strengths - Strong analytical and risk management skills - Ability to translate technical risk into business/mission impact - Effective communicator with cross-functional teams - Detail-oriented with documentation and compliance focus

About the role As a ServiceNow Architect, you know how to harness the latest technologies by developing low-code platforms and creating user-friendly solutions for your clients. We’re looking for a seasoned solution engineer like you to support the management of ServiceNow from vision to production-ready, solving our clients’ most complex challenges What you'll do As a ServiceNow Architect at Booz Allen, you’ll share your skills in programming languages and databases, using little to no code to identify new techniques and improve the digital environment. You’ll use the latest cloud tools as you guide your team and develop creative solutions. Using your technical knowledge, you’ll work cross-collaboratively to automate and accelerate cloud modernization and reduce system maintenance and development costs. You’ll be a trusted advisor to your clients as you translate their IT needs and future goals into a plan by crafting architectural patterns, design standards, and and implementing best practices. Qualifications - 5+ years of experience with ServiceNow development, including core ITSM tables, CSM, Glide, scripting, business rules, client scripts, custom apps, or development methods - Experience with web development, including XHTML, HTML, CSS3, SQL, XML, or Angular, and back-end technologies, including JavaScript, PHP, .NET, Java, or ColdFusion - Experience with ServiceNow configuration management database (CMDB) administration - Experience implementing scripted web services in ServiceNow, jQuery, or Prototype libraries, Java, and CMDB or asset integrations in ServiceNow - Experience coordinating and leading client workshops - Experience with scoped delegated development in a multi-vendor environment - Knowledge of SOAP and REST web services - Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements - Bachelor’s degree in CS, EE or engineering/technical and 5 years of experience or 8 years of experience in lieu of degree (LCAT: Systems Engineer, Senior) Additional Nice to Have Capabilities:  - Experience with ServiceNow Enterprise Agile Planning (EAP) in Strategic Planning Module - Experience supporting VA Enterprise Efforts - Experience with Object Oriented Programming, SQL, and NoSQL databases - Experience with application design concepts and tools, including using UML, ERD, and Flow Diagrams - Experience introducing open-source solutions into ServiceNow via Script Includes or as JS or CSS Includes - Experience implementing ServiceNow inside a DevOps pipeline - Experience with Agile Scrum development methods - Knowledge of SAML, Active Directory, or LDAP Integrations - Ability to work with stakeholders to define requirements - CIS-CSM Certification - Salary Range-$110k-$130k