Information System Security Officer (ISSO)

Company Overview 

At Hexagon US Federal we provide cutting-edge technologies and a wide range of professional services to enable our customers to make smarter and faster operational decisions and improve mission effectiveness. 

Hexagon US Federal is an independent subsidiary of Hexagon Corporation exclusively focused on bringing the broad range of Hexagon technologies to the US Federal government and its partners.  

Quick Hits 

Employees: 200

Operating Locations: Chantilly, VA (HQ); Huntsville, AL; Lexington Park, MD, and other client sites across the US 

A Day in the Life of an Information System Security Officer:

As an Information System Security Officer at Hexagon US Federal, you will be expected to manage and oversee the cybersecurity risk management lifecycle of mission-critical, life-safety information systems across the DoD environment. 

• Ensure that systems comply with DoD 8500-series directives, NIST SP 800-53 controls, and other applicable federal security requirements.
• Monitor and enforce compliance with established security methodologies across all phases of system operations.
• Create and maintain comprehensive policies and procedures that detail security controls and system boundaries.
• Identify, document, and manage system vulnerabilities and mitigation strategies in POA&Ms.
• Act as a liaison between cybersecurity and technical teams to interpret and implement security controls effectively.
• Support engineering teams in ensuring that security requirements are appropriately addressed throughout the system lifecycle.
• Collaborate with Authorizing Officials (AOs), Security Control Assessors (SCAs), and other key personnel throughout the Assessment and Authorization (A&A) process.
• Participate in Security Control Assessments (SCAs), accreditation meetings, and compliance briefings.
• Prepare and submit required security documentation and artifacts for internal and external audits.
• On-call Support and Maintenance: Periodically, provide after-hours emergency support.
• Perform other tasks as directed. 

• Enjoy managing system security and compliance in support of mission-critical environments.
• Possess a strong understanding of RMF and DoD cybersecurity policy (NIST SP 800-53, CNSSI 1253, DoDI 8510.01).
• Are a skilled communicator and can interface between technical staff and government stakeholders.
• Are highly organized and capable of maintaining comprehensive security documentation through various environments.
• Exhibit sound judgment and uphold high ethical standards.
• Work well in a team-based, geographically diverse environment.
• Can thrive in a fast-paced, ever-changing, scrum operations-based environment directly supporting our nation’s public-safety infrastructure. 

• Bachelor’s degree in cybersecurity, information assurance, computer science, or a related field, with 5–8 years of experience in cybersecurity, information system security, or ISSO-related roles.
• Security+ certification is required; advanced certifications such as CISSP, CASP+, or CISM are strongly preferred.
• Demonstrated experience working within the Risk Management Framework (RMF), including control implementation, assessment, and authorization processes.
• Proficiency with key tools and platforms, including eMASS, STIGs/STIG Viewer, ACAS (Nessus/Tenable), and vulnerability scanning/assessment tools.
• Hands-on experience leading or supporting NIST SP 800-53 Rev 5 control implementation and tailoring activities to align with system requirements.
• Strong understanding of the Authorization to Operate (ATO) process, including the development and maintenance of Plan of Action and Milestones (POA&Ms) and other required RMF artifacts.
• In-depth knowledge of eMASS package creation and lifecycle management, from system inception through decommissioning, is highly desirable.
• Familiarity with FedRAMP controls and cloud security frameworks (AWS, Azure, or hybrid cloud environments) is a plus.
• Understanding of mobile system accreditation processes, including policies and compliance requirements, is a plus.
• Experience working with Computer-Aided Dispatch (CAD) systems or other mission critical operational technologies is a plus.

• Ability to remain in a stationary position and operate a computer for extended periods. 
• Occasional ability to move or transport items up to 25 pounds. 
• Communicate effectively in English (verbal, written) and possess visual and auditory acuity for tasks and safety. 
• Manage multiple tasks, prioritize, and maintain focus in dynamic environments. 
• Demonstrate strong problem-solving, critical thinking, and analytical skills. 
• Maintain consistent attendance, punctuality, and high professional standards. 

Required Level of Security Clearance: This position requires eligibility for Secret Clearance. Applicants must be U.S. citizens to be eligible for consideration.

Required Travel: 10%

What we will provide in return:  

- Competitive health care plans with savings accounts 

- Dental and vision plans 

- 401k with 100% company match up to 6%, with immediate vesting on company match 

- Life and disability insurance 

- Learning Management System with robust offerings 

- Tuition Reimbursement Program 

- Flexible hybrid and remote working arrangements where possible 

- 13 paid holidays per year 

- Veterans’ focused Employee Resources Group with regular educational sessions and communications 

- Leadership Development Program with multiple learning options 

Hexagon US Federal is an Equal Employment Opportunity Employer. We comply with all applicable federal anti-discrimination laws and provide reasonable accommodations for qualified individuals with disabilities and disabled veterans in its job application procedures. If you have any difficulty using our online system and need an accommodation due to a disability, you may use the following email address, [email protected] and/or phone number (703) 264-5600 to contact us about your interest in employment with Hexagon US Federal.

All qualified applicants will receive consideration for employment without regard to protected veteran status, disability status, or any other protected class covered by federal, state, or local law. Hexagon US Federal participates in E-Verify.

At Hexagon US Federal, we prioritize a secure and thorough hiring process. Be aware that we will never extend an employment offer without a careful review and interview process, and all official communications from our representatives will come from a verified Hexagon US Federal email address, never requesting upfront fees or sensitive information.