Information Systems Security Officer (ISSO)

Washington, DC, US, United States

Job Description

CyberStorm Defense(TM) is seeking an experienced Information Systems Security Officer (ISSO) to provide cybersecurity governance, risk management, and compliance oversight for systems supporting the Federal Aviation Administration (FAA) and Department of Transportation (DOT).

This role supports FAA TechOps (AJW), Enterprise Services (AJM-3), and Program Management Organization (PMO) activities by ensuring that information systems remain compliant with AMS and NIST Risk Management Framework (RMF) standards, and maintain secure Authorization to Operate (ATO) status.

The ISSO will coordinate directly with system owners, assessors, and program leads to sustain continuous monitoring, manage risk posture, and ensure documentation and evidence are audit-ready.

Key Responsibilities



  • Serve as primary ISSO of record for designated FAA systems and applications.
  • Develop, review, and maintain System Security Plans (SSP), Security Assessment Reports (SAR), POA&Ms, and Continuous Monitoring Plans.
  • Guide systems through the FAA AMS-aligned RMF lifecycle (Categorization through Continuous Monitoring).
  • Manage control implementation evidence, coordinate with engineering teams to remediate vulnerabilities, and update artifacts accordingly.
  • Perform risk assessments and present results to system owners and Authorizing Officials (AO).
  • Conduct annual control reviews, contingency plan testing, and incident response tabletop exercises.
  • Interface with FAA's Cybersecurity Management Center (CSMC) and Enterprise Continuous Monitoring (ConMon) programs for data collection and reporting.
  • Support audit readiness for internal and external assessments (IG, GAO, DHS CDM).
  • Track and report on compliance metrics, residual risk, and system security posture to FAA leadership.
  • Collaborate with the Cybersecurity Engineer, Cloud Security, and Network teams to ensure all control families (AC, CM, IR, SC, SI, etc.) remain implemented and verified.

Mandatory Qualifications



  • 10+ years of experience as an ISSO or Information Assurance professional supporting FAA, DOT, or other federal agencies.
  • Deep knowledge of FAA AMS policy, NIST SP 800-53/37, FedRAMP, and FISMA frameworks.
  • Experience maintaining ATOs under the FAA AMS RMF variant and performing continuous monitoring.
  • Familiarity with eMASS, XACTA, or similar compliance tools for RMF tracking.
  • Excellent documentation and technical writing skills for security artifacts and risk reports.
  • Bachelor's degree in Cybersecurity, Information Systems, or related field.

Preferred Qualifications



  • Prior support to FAA TechOps (AJW), Enterprise Services (AJM-3), or NextGen (ANG) programs.
  • Certifications: CISSP, CISM, CAP, or Security+ CE.
  • Experience integrating outputs from vulnerability management tools (Tenable, Splunk, Qualys) into POA&M tracking.
  • Working knowledge of Zero Trust Architecture (ZTA) policy controls and the FAA's ongoing ZTA roadmap.
  • Active Public Trust or Secret clearance preferred.

About CyberStorm Defense(TM)



CyberStorm Defense(TM) is an SBA 8(a), MBE/DBE-certified small business headquartered in the National Capital Region. We deliver cybersecurity, systems engineering, and aviation modernization services to civilian and defense clients.

Job Types: Full-time, Contract

Pay: $100,000.00 - $165,000.00 per year

Benefits:

  • 401(k)
  • Health insurance
  • Vision insurance

Work Location: Hybrid remote in Washington, DC 20004



Job Detail

  • Job Id
    JD5818180
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    100000.0 - 165000.0 USD
  • Employment Status
    Permanent
  • Job Location
    Washington, DC, US, United States
  • Education
    Not mentioned