Job Closed
This listing is no longer active.
Oxley Enterprises®, Inc. is a certified service-disabled veteran-owned (SDVOSB), economically disadvantaged woman-owned (EDWOSB), Small Business Administration Certified 8(a), and small disadvantaged business (SDB) that has 25 years of experience building and delivering quality IT systems and programs. Oxley is ranked in the INC 5000 7 times (2016, 2017, 2018, 2021, 2023, 2024, 2025). Oxley is a 2019 - 2025 Department of Labor HIRE Vets Medallion Award Winner. Oxley is Virginia Values Veterans certified.
Information System Security Officer (ISSO) Lead
Location
United States
Posted
16 days ago
Salary
$111.8K - $164.4K / year
Seniority
Lead
Job Description
Information System Security Officer (ISSO) Lead
Oxley Enterprises®, Inc.
Role Description Lead the authorization integrity of one of the Department of Veterans Affairs (VA's) most complex multi-tenant cloud platforms. As the Information System Security Officer (ISSO) Lead, you will manage Authorization to Operate (ATO)/Approval to Connect (ATC) sustainment, security audits, and continuous monitoring across a platform undergoing active authorization boundary restructuring. The ISSO Lead manages all Authorization to Operate (ATO)/Approval to Connect (ATC) activities, coordinates security audits and assessments, and oversees Plan of Action and Milestones (POA&M) lifecycle management across the tiered multi-tenant authorization environment. Qualifications - 10 years of experience in information systems security - Bachelor's Degree in cybersecurity, information assurance, or related field - Certified Information Systems Security Professional (CISSP) or Certified Authorization Professional (CAP) (preferred) Requirements - Expert knowledge of National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) process (e.g., Categorize, Select, Implement, Assess, Authorize, and Monitor) - Excellent ability to initiate actions required to establish new ATOs/ATCs - Excellent ability to maintain existing authorizations - Excellent ability to attend or conduct security audits - Excellent experience drafting assessment finding mitigation plans - Excellent knowledge of multi-tenant ATO inheritance frameworks - Excellent ability to support authorization boundary management between platform and tenant layers - Above average ability to maintain security documentation (e.g., Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Security Impact Analysis (SIA), Business Impact Analysis (BIA), Data Security Categorization (DSC), hardware/software lists, and Ports, Protocols, and Services Management (PPSM) documents) - Experience supporting a federal agency - Excellent verbal and written communication skills Benefits - The annual projected pay range for this position is $111,776 - $164,390 with consideration being given to various factors including but not limited to qualifications, experience, job responsibilities, and geographic location. - Medical, dental, vision and prescription drug coverage for you and your family. - Life Insurance, short-term disability and long-term disability paid for by the Company. - Supplemental coverages including Accident, Critical Illness, and Hospital. - Additional Life insurance coverage for you and your dependents. - 401k plan with various options to select based on your retirement goals. Tasks/Activities - Initiates actions required to establish new ATOs and ATCs - Maintains all existing authorizations including periodic assessment oversight and staffing of all ATO audits - Coordinates all RMF activities with the AO, ISSO counterparts, ISO, and designated stakeholders - Attends or conducts all security audits including General (IG), Security Assessment and Validation Data (SAVD), Cybersecurity Compliance Task Force (CCTF), Office of Information Security (OIS), Information Security Risk Management (ISRM), Governance Risk and Compliance (GRC), and Information Security Policy & Strategy (ISPS) assessments - Attends closeout meetings and reviews all reported findings for accuracy - Drafts assessment finding mitigation plans including roadmap and timeline - Submits Plans of Action and Milestones (POA&M) for all prescribed remediations - Maintains program security documents, diagrams, and artifacts required for ATO/ATC upkeep including PTA, PIA, SIA, BIA, DSC, hardware lists, software lists, and PPSM documents - Collaborates with application development teams and platform architects to establish and maintain Interconnection Diagrams (ICD), High Level Diagrams (HLD), and security assessment boundary diagrams - Supports the Multi-Tenant Platform Evolution Strategy ensuring ATO inheritance frameworks and authorization boundaries between platform and tenant layers are clearly defined - Ensures no lapse in ATO status for any platform capability, service, or hosted application - Contributes to the monthly RMF, security, and ATO status report including authorization posture, renewal timelines, and control implementation status
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Director of Engineering, Security
GitLabBuild software faster. The One DevOps Platform enables your entire org to collaborate around your code. We're hiring.
• Set the engineering vision and multi-quarter roadmap across teams working on proprietary scanners, AI-driven security workflows, research functions, vulnerability management, and security foundations. • Lead a distributed engineering organization of managers and individual contributors, with a focus on team performance, engagement, and career development. • Drive architectural decisions for AI and machine learning detection engines, agentic remediation flows, and scalable scanning infrastructure. • Partner with product management to define priorities, shape requirements, and deliver security capabilities for customers in regulated and security-conscious environments. • Own the engineering delivery of GitLab’s proprietary application security scanners, agentic remediation workflows, and AI Security Research efforts. • Represent the Security Factory stage in cross-functional planning, executive reviews, security disclosures, and customer conversations. • Establish engineering standards for delivery, observability, incident response, scanner quality, and code quality. • Contribute to GitLab’s transparent, async-first way of working through issues, merge requests, and the GitLab handbook.
Aviation Infrastructure and Security Subject Matter Expert
AmentumA Premier Leader in Global Engineering, Project Management, and Solutions Integration.
• Design and develop comprehensive, classroom-based courses utilizing federal aviation security standards. • Adapt and tailor U.S. best practices for aviation security curricula to fit specific legal authorities, operational environments, language requirements, and capability levels. • Instruct partners on identifying, assessing, and neutralizing security risks. • Design practical frameworks and case studies regarding airspace risk management. • Execute short-term Temporary Duty (TDY) travel to partner nations to deliver workshops. • Write and submit timely, high-quality technical reports, work plans, and assessments.
• As a Security Engineer (Red Team), you will help Pindrop proactively identify and exploit weaknesses across product, cloud, and AI-powered systems so we can strengthen defenses before adversaries do. • Design and execute red team operations against Pindrop’s GenAI systems, LLM pipelines, RAG architectures, autonomous agents, APIs, SaaS products, and cloud environments, simulating real-world attacks across both traditional and AI-specific attack surfaces. • Conduct adversarial testing focused on prompt injection, indirect prompt attacks, jailbreaking, model extraction, training-data poisoning, data leakage, inference abuse, and unauthorized output manipulation. • Use deepfake generation, voice synthesis, and related spoofing techniques to test and attempt to defeat Pindrop’s voice authentication and deepfake detection capabilities, helping identify model robustness and detection gaps. • Develop novel attack chains that combine GenAI vulnerabilities with infrastructure, application, identity, and API weaknesses to create realistic end-to-end threat scenarios. • Plan and execute full-scope penetration tests and support bug bounty efforts across Pindrop’s web applications, APIs, SaaS products, and AWS/GCP environments using commercial and open-source offensive tooling. • Perform architecture reviews, security code reviews, and threat modeling with emphasis on vulnerabilities introduced by AI/ML components, model integrations, and LLM-facing services. • Build automation for offensive security workflows, testing, compliance checks, alerting, and reporting using Python or similar scripting languages, including AI-native attack tooling where useful. • Partner closely with SecOps and security engineering to improve detections, tune response workflows, and translate red team findings into practical remediation and defensive improvements. • Stay current on GenAI security research, adversarial ML techniques, evolving threat intelligence, and relevant regulatory developments, then apply those insights to Pindrop’s security program.
Junior Hearing Attorney – Social Security Disability
MindSetA great culture leads to a dominantly successful business. We provide insights and techniques to build this culture.
• Client Consultation: Meet with clients to evaluate their eligibility for SSI/SSDI benefits, discuss case strategy, and prepare them for the disability hearing process. • Application & Appeals Assistance: Assist clients throughout the Social Security Disability claims and appeals process, ensuring applications and supporting documentation are accurate, complete, and positioned for success. • Hearing Representation: Represent clients during hearings before Administrative Law Judges (ALJs), advocating on their behalf throughout the appeals process. • Evidence Gathering: Review and analyze medical records, employment history, vocational evidence, and other supporting documentation to strengthen disability claims. • Legal Research: Stay informed on SSA regulations, policies, and relevant case law to effectively advocate for clients and provide sound legal guidance. • Communication: Serve as the primary legal point of contact for clients while communicating with the Social Security Administration and other agencies as needed. • Advocacy: Passionately advocate for individuals living with disabilities, ensuring they receive the benefits they deserve. • Technology & Case Management: Utilize cloud-based legal technology, digital case management systems, Google Workspace, Slack, and AI-assisted tools to efficiently manage caseloads in a fully remote environment. • Collaboration: Partner closely with case managers, legal support staff, and fellow attorneys to deliver exceptional client service and achieve successful outcomes.



