Job Closed
This listing is no longer active.
Information Security Officer
Location: United Kingdom
Posted: 48 days ago
Salary: 0
Seniority: Mid Level
Job Description
TUI
Role Description

We're looking for an experienced security leader to join our Governance, Risk and Compliance team, partnering with business and technology leaders across TUI Group to manage information security risks in our Airline Technology Domain. The role will be published until 27th May 2026.

You'll promote and inspire a security-first culture at TUI, directing the development and implementation of an enterprise Information Security strategy that's aligned to our business needs.

- Leading the provision of Information Security resources, expertise and guidance.
- Ensuring each Domain is motivated and empowered to deliver their prioritised roadmap.
- Driving adoption of security policies, standards and controls through expert advice.
- Protecting our most critical assets with appropriate assurance and rigorous testing.
- Managing security incidents effectively through engagement with our security operations team.
- Ensuring lessons learned and audit findings are remediated whilst maintaining effective security operations.
- Building strong working relationships across business and IT teams.
- Explaining complex ideas to audiences at all levels in a persuasive manner.
- Reporting on the overall effectiveness of the security programme against defined key performance indicators.
- Driving continuous improvement and leading workstreams focused on developing the GRC team.

Qualifications

- Experienced authentic leader with a solid understanding of technology and managing Information Security risks in the enterprise.
- Strong people leadership skills to build a positive enabling security culture based on trust, quality, and pragmatic risk management.
- Experience mentoring and developing security talent from different cultural backgrounds.
- Great communicator and influencer, comfortable working across hierarchical, organisational, cultural, and market boundaries.
- Ability to articulate IT security issues clearly to both technical and non-technical audiences.
- Holds a recognised security accreditation (CISSP/CISM/CISA etc.) or equivalent experience with demonstrable Continuous Professional Development.
- Maintains a good understanding of latest security threats and mitigating strategies.

Requirements

- Experience implementing and maintaining an Information Security Management framework such as ISO27001 or NIST CSF.
- Strong understanding of international regulatory context, particularly NIS 2, Part-IS, and aviation-specific requirements.
- Experience governing or managing audits by aviation regulators across Europe.
- Integrating security into software development lifecycle and cloud security.
- Good understanding of technology standards like CIS, NIST, PCI, OWASP, ITIL, and COBIT.
- Experience with AWS workloads is desirable.

Benefits

- Attractive remuneration and discretionary bonus schemes.
- Generous travel benefits.
- Extensive health & well-being support.
- Encouragement of a healthy work-life balance with a dynamic working environment.
- Access to the TUI Learning Hub to level-up and reach your ambitions.
- Opportunities to work on global projects and teams.
- Involvement in local charity and sustainability initiatives like the TUI Care Foundation.

Company Description

From a workplace to a place to belong. At TUI we embrace diversity, equity, and inclusion, encouraging everyone to come as you are, because together, our potential is limitless. We are committed to supporting candidates with disabilities and impairments so if you require any support, please do let us know.
More Security Engineer Jobs
Senior Security Engineer
Smart Working
Empowering companies to work with the best engineers in the world

• Design and implement security controls for mobile applications, backend services, and web platforms
• Conduct threat modelling and risk assessments for new and existing systems
• Embed secure coding practices across engineering teams, aligned with OWASP standards
• Partner with engineers to ensure security is integrated throughout the software development lifecycle (SDLC)
• Identify and remediate application vulnerabilities and security risks
• Contribute to the implementation and improvement of DevSecOps practices
• Provide guidance on secure architecture and secure software design
• Support the development and enforcement of security policies, controls, and engineering standards
• Improve the organisation’s application security posture through proactive security reviews and testing
• Work with teams to ensure systems meet internal security standards and external regulatory requirements
• Provide security expertise for infrastructure components including containers and cloud-native environments
• Contribute to incident response and vulnerability management processes
Security Engineer – GRC, Governance, Risk & Compliance
Machinify
Machinify focuses on providing machine learning solutions to businesses and was created to help companies integrate artificial intelligence into everyday practi

• Configure, administer, and continuously improve Machinify’s Vanta GRC platform across all organizational entities
• Build and maintain Vanta integrations with cloud environments (AWS, Azure), identity providers, endpoint management tools, HR systems, and other compliance-relevant data sources
• Automate evidence collection workflows to reduce manual effort for HITRUST r2, SOC 2 Type II, and other certification cycles
• Develop and maintain custom tests, policies, and controls within Vanta to reflect Machinify’s specific compliance requirements and risk posture
• Monitor control health dashboards and manage remediation workflows for failing or at-risk controls
• Manage the Vanta vendor risk module, including questionnaire automation and third-party assessment workflows
• Support access review automation through Vanta, ensuring timely completion and accurate documentation
• Maintain and improve GRC platform documentation including integration configurations, data flows, and control mapping
• Evaluate and implement new Vanta capabilities as the platform evolves, including AI-assisted compliance features
• Support HITRUST r2 and SOC 2 Type II audit activities through evidence preparation, auditor portal management, and issue tracking
• Assist with customer security questionnaire responses by leveraging Vanta’s trust center and evidence library
• Contribute to third-party risk assessments by coordinating vendor security reviews and maintaining assessment records
• Help develop and maintain security policies and procedures aligned with HITRUST and SOC 2 requirements
• Support the risk register by maintaining risk records, tracking remediation actions, and producing risk reporting
• Participate in security awareness program activities including content development and training delivery tracking
• Assist with regulatory documentation requirements including HIPAA privacy and security program documentation
• Collaborate with the Security Engineering team to ensure technical controls are properly reflected in the GRC platform.
Manager, Regional Physical Security
Vultr
Vultr is on a mission to make high-performance cloud computing easy to use, affordable, and locally accessible.

• Oversee multi-site physical security operations including access control, visitor management, guard services, perimeter protection, CCTV support, and incident response; ensure consistent coverage and procedures.
• Lead response and investigation of incidents (unauthorized access, breaches, theft, vandalism, safety concerns); coordinate on-site actions, support GSOC escalations, and produce reports and after-action reviews.
• Manage security vendors and guard services; oversee performance, staffing, training, post order compliance, and service quality; conduct site visits and reviews.
• Enforce corporate security policies across sites including badge/access control, visitor processes, patrols, and reporting standards; support rollout of new initiatives.
• Partner with technology teams to maintain and improve access control, CCTV, intrusion detection, and perimeter systems; support troubleshooting and upgrades.
• Collaborate with GSOC on alarm monitoring and response; validate alarms, guide local response, and ensure adherence to procedures.
• Conduct site security assessments (perimeter, access control, guard posts, camera coverage); identify vulnerabilities and implement mitigation plans.
• Work with Data Center Ops, Facilities, IT, Corporate Security, and Compliance teams to integrate security into operations and projects.
• Support audits and ensure adherence to security standards; maintain access logs, visitor records, incident documentation, and policy compliance.
• Provide training and guidance to guards, staff, contractors, and vendors on security procedures, incident response, and access control requirements.
Information Systems Security Officer
Peraton Corporation
Peraton Corporation, a national security company headquartered in Herndon, Virginia, supplies solutions for mission-critical programs and systems. Founded in 2017, Peraton's missio

Role Description

Peraton is seeking an Information Systems Security Officer (ISSO) to join our team. The Information System Security Officer (ISSO) is part of the PERATON DHS’ Security team and plays a Cybersecurity operational compliance role within the Citizen Security and Public Services Sector (CS&PS). The position is responsible for performing as a named ISSO for a Government Systems and assisting other ISSOs with end-to-end Governance Risk and Compliance (GRC) functions that entails security control implementation, continuous monitoring, and federal Assessment and Authorization (A&A) activities.

- Works closely under the supervision of Cybersecurity Manager and with other security personnel within Peraton CS&PS Sector to ensure operational security measures are implemented.
- Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing.
- Reviews and continuously monitors implemented security controls.
- Creates and maintains security checklists, templates, and other tools to aid in the A&A process.
- Performs security control assessment using Agency guidelines/NIST guidance and as per continuous monitoring requirements.
- Performs risk analyses to determine and recommends essential safeguards.
- Proactively reviews Vulnerability Scans (Nessus, ACAS, We-App, etc.) and mitigates system vulnerabilities and recommends compensating controls.
- Prepares supporting materials for the security authorization package in accordance with the client contractual requirements.
- Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
- Maintains client-specific Plan of Action and Milestones (POA&Ms) and supports remediation activities using Information Assurance (IA) and Risk Management tools such as CSAM, eMASS, etc.
- Maintains an inventory of hardware and software for the information system.
- Develops, tests and trains on Contingency and Incident Response planning.
- Experience working with the National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA) requirements and reporting.
- Experience in managing security Certification and Accreditation activities utilizing common control frameworks.
- Experience with risk mitigation and selecting or designing appropriate security controls for implementation.
- Experience applying cloud security concepts, requirements, design development, implementation, and integration for existing and new technology product offerings.
- Experience with performing security risk and compliance activities in FedRAMP cloud-enabled environment (e.g., Microsoft Azure, Amazon AWS).
- Experience in coordinating, monitoring and tracking security activities across multiple organizations.
- Experience in managing security posture of General Support Systems (GSS) and Major Application system(s), working with engineering/Operation teams to remediate, and communicating system-level risks to the stakeholders.
- Demonstrates understanding and experience with DevSecOps.

Qualifications

- US Citizenship required; active Secret clearance.
- Bachelor’s degree in Computer Science, Computer Studies, Information Security and 8 years experience or MS/MA degree in Computer Science, Computer Studies, Information Security and 6 years experience or high school diploma and 12 years experience.
- Good understanding of computer network security technologies used in the industry and related security configurations (e.g., DISA STIGs, CIS Benchmarks and settings).
- Knowledge of the security countermeasures and overall RMF and NIST compliance guidelines.
- Must have the ability to influence system stakeholders in the execution of security and compliance requirements.
- Certifications Required: CISM; At least one Cloud Security Certification: AWS Cloud Practitioner, AWS Security Professional; CCSP; MS Azure Security Certification; CCSK.

Requirements

- Certifications: CISA, CRISC, GSEC, CompTIA Sec+.
- Excellent communication skills.
- Ability to work effectively in diverse, multi-national and virtual environments.
- Self-motivated and tenacious.
- Demonstrate sound judgment and integrity.
- Experience of working with Federal Information Processing (FIPS), FISMA, FedRAMP and Other Cyber Security related laws, regulations and directives.
- Experience of presenting at client meetings.
- Experience of translating contractual security requirements to deliverables.
- Knowledge of Federal Government Security, industry and market trends and CS&PS business and offerings.
- Understands federal security and regulations.
- Understands DHS’ Security Policy and has in-depth knowledge of DHS’ Security Policy 4300a.

Company Description

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers.


