Responsibilities Peraton is seeking an Information Systems Security Officer (ISSO) to join our team. The Information System Security Officer (ISSO) is part of the PERATON DHS’ Security team and plays a Cybersecurity operational compliance role within the Citizen Security and Public Services Sector (CS&PS). The position is responsible for performing as a named ISSO for a Government System and assisting other ISSOs with end-to-end Governance Risk and Compliance (GRC) functions that entails security control implementation, continuous monitoring, and federal Assessment and Authorization (A&A) activities. Day to Day Work Responsibilities: - Works closely under the supervision of Cybersecurity Manager and with other security personnel within Peraton CS&PS Sector to ensure operational security measures are implemented. - Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing. - Reviews and continuously monitors implemented security controls. - Creates and maintains security checklists, templates, and other tools to aid in the A&A process. - Performs security control assessment using Agency guidelines/NIST guidance and as per continuous monitoring requirements. - Performs risk analyses to determine and recommend essential safeguards. - Proactively reviews Vulnerability Scans (Nessus, ACAS, We-App, etc.) and recommends compensating controls. - Prepares supporting materials for the security authorization package in accordance with the client contractual requirements. - Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc. - Maintains client-specific Plan of Action and Milestones (POA&Ms) and supports remediation activities using Information Assurance (IA) and Risk Management tools such as CSAM, eMASS, etc. - Maintains an inventory of hardware and software for the information system. - Develops, tests and trains on Contingency and Incident Response planning. - Experience working with the National Institute of Standards National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA) requirements and reporting. - Experience in managing security Assessment and Authorization activities utilizing common control frameworks. - Experience with risk mitigation and selecting or designing appropriate security controls for implementation. - Experience applying cloud security concepts, requirements, design development, implementation, and integration for existing and new technology product offerings. - Experience with performing security risk and compliance activities in FedRAMP cloud-enabled environment (e.g., Microsoft Azure, Amazon AWS) - Experience in coordinating, monitoring and tracking security activities across multiple organizations. - Experience in managing security posture of General Support Systems (GSS) and Major Application system(s), working with engineering/Operation teams to remediate, and communicating system-level risks to the stakeholders. The ISSO operates as a trusted advisor in the organization, working with senior management and helps to understand operational issues and plans the next steps in collaboration with Cybersecurity Manager from an information security viewpoint. The candidate will be able to demonstrate industry expertise and thorough understanding of security governance, risk and compliance domain. This position requires the ability to interact and influence at an organizational level to carry out governance, risk and compliance activities. Qualifications Basic Qualifications: - US Citizenship required - Must be able to be pass US Government Clearance processes – DHS Public Trust with EOD and Secret or higher clearance - Bachelor’s degree in a technical field and 8 years experience or high school diploma/equivalent and 12 years experience - Good understanding of computer network security technologies used in the industry and related security configurations (e.g., DISA STIGs, CIS Benchmarks and settings) - Knowledge of the security countermeasures and overall RMF and NIST compliance guidelines - Must have the ability to influence system stakeholders in the execution of security and compliance requirements - CISSP certification Preferred Qualifications: - Excellent communication skills - Ability to work effectively in diverse, multi-national and virtual environments - Self-motivated and tenacious and demonstrates sound judgment and integrity - Experience of working with Federal Information Processing (FIPS), FISMA, FedRAMP and other Cyber Security related laws, regulations and directives - Experience of presenting at client meetings - Experience of translating contractual security requirements to deliverables Knowledge of Federal Government Security, industry and market trends and CS&PS business and offerings: - Understands federal security and regulations and DHS’ Security Policy and has in-depth knowledge of DHS’ Security Policy 4300a Peraton Overview Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure. Target Salary Range $104,000 - $166,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. EEO EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.

• Defend the security of Chainguard customers, protecting every aspect of Chainguard’s products • Respond to incidents and events • Partner with our engineering organization to ensure security is paramount at every stage of development • Operate and monitor our DevSecOps tooling, using cutting edge AI capabilities • Coordinate with external reporters and researchers to respond to security reports and findings

• Defend the security of Chainguard customers, protecting every aspect of Chainguard’s products • Respond to incidents and events • Partner with our engineering organization to ensure security is paramount at every stage of development • Operate and monitor our DevSecOps tooling, using cutting edge AI capabilities • Coordinate with external reporters and researchers to respond to security reports and findings

• Conduct comprehensive risk assessments across security and technology domains (cloud, network, infrastructure, product, endpoint, third-party) using NIST Risk Management Framework, FAIR methodology, and qualitative/quantitative analysis methods. • Perform Business Impact Analysis (BIA) on critical systems to determine Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO), collaborating with process owners to validate findings and maintain documentation as business operations evolve. • Administer and maintain the security risk register with current and historical records, ensuring comprehensive documentation and audit evidence for regulatory examinations and internal/external audits. • Guide development and documentation of risk treatment plans aligned with enterprise risk appetite, collaborating with cross-functional stakeholders (Engineering, Legal, DevOps, IT, Security) on prioritization, execution strategies, and integration into product development and operational processes. • Track and validate execution of risk treatment plans, monitoring completion rates, escalating delays, and ensuring residual risk remains within tolerance levels while adjusting plans as needed based on mitigation and remediation progress. • Design and maintain quantifiable risk metrics across exposure measurement, control effectiveness assessment, and risk treatment progress tracking for executive decision-making, with continuous monitoring against organizational risk appetite thresholds via real-time dashboards and reporting. • Analyze emerging threats and regulatory changes to proactively surface new risks and support strategic initiatives including market expansion and new product launches. • Ensure all security and technology risk management activities adhere to applicable financial regulations, industry standards, and relevant frameworks (ISO 27001, SOC 2, PCI-DSS, NDPA, NIST, FAIR). • Support security teams in evaluating third-party and vendor risks, ensuring alignment with organizational security standards and conducting ongoing risk assessments as part of the vendor management program. • Communicate risk findings, assessments, and recommendations in business-relevant terms to stakeholders at all levels, translating technical risk concepts into actionable intelligence for executive leadership and operational teams.