Cloud ISSO

Cloud Security ISSO Location: Fort Belvoir, VA (On-Site/Office) Duration: FTE Clearance Required: Secret Certifications: Formal general security certification (e.g., CompTIA Security+, Cloud Security, Alliance - Certificate of Cloud Security Knowledge, (ISC) 2 Certified in Cybersecurity / Systems Security Certified Practitioner, GSEC - Global Information Assurance Certification Security Essentials , Offensive Security, Certified Professional, EC-Council Certified Ethical Hacker.) Perform all Information Systems Security Officer / Information System Security (ISSO/ISSM) related duties. This includes supporting ECMA's risk management of all cloud information systems/enclaves (AWS & AZURE). Responsible for all 7 steps of the NIST RMF (Prepare, Categorize, Select, Implement, Assess, Authorize & Monitor) to ensure compliance with Federal/DOD/Army reequipments. Also responsible for supporting the ECMA Cloud Security Operations team, in reviewing and approving security related tickets and other ad-hoc tasks. Serve as an Information Systems Security Officer/Manager (ISSO/ISSM) for ensuring the security and compliance of sensitive and classified DOD/ARMY data within AWS and AWS(IL4/5/6) environments. Collaborate with various stakeholders and worked across multiple divisions/business units to identify and mitigate potential cyber risks to the agency cloud environment. Work cross-functionally with individual contributors and senior leadership in developing ATO packages. Lead continuous monitoring efforts for multiple cloud enclaves to include ACAS scanning, POAM remediation, risk assessments (evidence collection for audits and reviews) Conduct comprehensive audits and risk assessments (NIST 800-53rev5), ensuring vendor and tenant compliance with DOD SRG security standards and readiness for production deployment. Develop and implement continuous monitoring and security strategies in collaboration with senior management, enhancing assessment and authorization initiatives. Review and assess FEDRAMP CSP authorization packages (SSP, CRM, SAR, P&Ps, POAMs) prior to inclusion into the ARMY's Enterprise Cloud Management Agency production environment. Manage, Track and Remediate over 400+ POAMs to strengthen the ARMY cloud secure posture. Completed four assessments on FEDRAMP CSO's to ensure compliance with ARMY rules and regulations prior to inclusion into the ARMY network.

Created: 2026-03-04