Apply on Employer Site

Hewlett Packard Enterprise · 13 hours ago

ISSO IT Security Services Manager

Annapolis, Maryland

Full-time

Onsite

Senior Level

$106K/yr - $243K/yr

5+ years exp

Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. The ISSO IT Security Services Manager will be responsible for implementing, maintaining, and monitoring the security posture of accredited information systems while ensuring compliance with DoD/IC security policies and procedures.

Data CenterEnterprise SoftwareInformation TechnologyIT ManagementNetwork Security

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Serve as the designated ISSO and primary point of contact for assigned IC/DoD mission systems, owning system security posture, assignment of security technical implementation guides (STIGs), RMF/accreditation activities, and coordination with Government stakeholders (Authorizing Officials, Security Control Assessors, ISSMs, and external auditors)

Manage configuration management processes to ensure integrity, traceability, and secure state of system baselines and authorized changes throughout the system lifecycle

Develop, maintain, and manage RMF accreditation documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessment Reports (RARs), Plans of Action & Milestones (POA&Ms), and Interconnection Security Agreements (ISAs)

Execute continuous monitoring activities—vulnerability scanning, patch/configuration management, baseline assurance, and log/telemetry analysis—and coordinate remediation to mitigate risk

Plan and coordinate security control assessments, compliance inspections, and audits; manage remediation tracking, risk acceptance, and engagement with Authorizing Officials to achieve and maintain Authority to Operate (ATO)

Develop, implement, and exercise Incident Response Plans (IRPs); lead incident triage, containment, recovery, reporting, and root‑cause analysis in accordance with IC and DoD policy

Provide technical guidance on secure system design, hardening, boundary protections, data handling, and cryptographic/COMSEC considerations

Advise leadership and stakeholders on system risk posture, emerging threats, and recommended mitigation strategies; prepare concise security briefings and reports

Develop and deliver security training and awareness materials for system users, administrators, and engineering teams

Maintain currency on evolving IC and DoD cyber security standards, threats, and best practices

Qualification

TS/SCI clearanceRisk Management Framework (RMF)DoD security directivesVulnerability assessment toolsDoD 8570 IAT Level IIIncident Response Plans (IRPs)Configuration managementCommunication skillsTeamworkCritical thinking

Required

Active TS/SCI with Polygraph (current and adjudicated)

DoD 8570 IAT Level II certification: Security+ CE or higher (SSCP, GSEC, CCNA Security, etc.)

5+ years of experience administering classified information systems

3+ years as a named ISSO supporting IC systems

Expertise with RMF (NIST SP 800‑37/800‑53) and IC/DoD security directives, DIACAP processes

Experience with vulnerability assessment tools, SIEM/log analysis, patch management, configuration hardening, and CM tools/processes

Strong communication skills with experience briefing technical and non‑technical stakeholders

U.S. Citizenship required

Preferred

CISSP, CAP, CISSP‑ISSMP, or equivalent advanced certifications

Prior IC program support within classified environments

Experience securing classified cloud environments, cross‑domain solutions, PKI, and cryptographic handling policies

Familiarity with DevSecOps practices in classified enclaves

Bachelor's degree in Cybersecurity, Computer Science, Information Assurance, or related field preferred; equivalent education or related experience acceptable