Senior Cloud ISSO

At B&A, we foster and embrace a distinct set of values that we live by and instill in all aspects of our organization: dedication, commitment, partnership, trust, and recognition. We have incorporated these values into successful delivery for our customers since 1988. B&A believes in ensuring its employees feel deeply connected to B&A, recognizing successes and hard work, and providing continuous opportunities to learn and grow. Our people are entrepreneurial thinkers that combine mindset, vision, and experience to drive value – not only to us as an organization, but to the clients we support. We promote a collaborative culture with our clients, and with each other, as one team working towards a common vision. We’d love for you to join our team!

Job Summary

The Senior Information Systems Security Officer (ISSO) – Cloud is responsible for overseeing cybersecurity compliance, risk management, and security operations for cloud-based and hybrid federal information systems within a cleared environment. This role supports the implementation and maintenance of secure cloud architectures while ensuring compliance with RMF, NIST, and federal cybersecurity requirements.

The ideal candidate brings strong expertise in cloud security engineering, vulnerability management, continuous monitoring, and enterprise cybersecurity operations across AWS, Azure, or Google Cloud Platform (GCP) environments.

Responsibilities

• Serve as the Senior ISSO for cloud-based and hybrid information systems in classified and enterprise environments. 
• Support implementation and maintenance of RMF cybersecurity processes and authorization activities for cloud systems. 
• Conduct continuous monitoring, vulnerability management, and security compliance activities across cloud platforms. 
• Assess cloud security risks and coordinate remediation efforts with technical and engineering teams. 
• Maintain cybersecurity documentation including SSPs, POA&Ms, security assessments, and authorization artifacts. 
• Utilize enterprise security tools to identify, analyze, and mitigate cybersecurity vulnerabilities and threats. 
• Support security assessments, audits, inspections, and compliance reviews. 
• Coordinate with government stakeholders, system owners, and cloud engineers to ensure adherence to federal cybersecurity standards. 
• Monitor cloud environments for security events, suspicious activity, and configuration compliance issues. 
• Provide technical guidance on cloud security best practices, architecture, and risk mitigation strategies. 
• Support incident response and remediation activities involving cloud infrastructure and applications. 
• Track and report cybersecurity risks, findings, and remediation status to leadership.

Education and Experience

• Minimum of 9 years of experience in cybersecurity, information assurance, computer science, or related IT fields. 
• At least 7 years of experience serving as an ISSO within a cleared or classified environment. 
• Experience supporting cloud-based systems and cloud security operations in AWS, Azure, or GCP environments. 
• Bachelor’s degree in computer science, Cybersecurity, Information Technology, Business Management, or related discipline preferred. 
• Advanced degree in a related field preferred. 
• Experience supporting RMF, NIST cybersecurity frameworks, and federal compliance programs required.

Required Skills

• Strong understanding of RMF, NIST standards, and federal cybersecurity compliance frameworks. 
• Experience securing cloud environments and supporting cloud authorization activities. 
• Familiarity with enterprise cybersecurity and vulnerability management tools including Tenable Nessus/Security Center, Splunk, IBM Guardium, HP Webinspect, NMAP and similar cybersecurity monitoring and assessment tools
• Strong knowledge of cloud security principles, architecture, and secure configuration management. 
• Experience with continuous monitoring, vulnerability remediation, and risk analysis. 
• Strong analytical, troubleshooting, and problem-solving skills. 
• Ability to support multiple systems and priorities in fast-paced environments. 
• Excellent written and verbal communication skills. 
• Strong organizational and leadership capabilities. 

Certifications

• CISSP (Certified Information Systems Security Professional) 
• GISP (Global Information Security Professional) 
• CASP+ (CompTIA Advanced Security Practitioner) 
• Or equivalent certification meeting DoD 8570 IAM Level III requirements 

Additionally, candidates must hold at least one cloud security certification from AWS, Azure, or GCP, including one or more of the following:

• AWS Certified Security – Specialty 
• CCSP ((ISC)² Certified Cloud Security Professional) 
• AWS Certified Solutions Architect – Associate 
• Microsoft Certified: Azure Security Engineer Associate (AZ-500) 
• Google Professional Cloud Security Engineer

Security Clearance

• Active Top-Secret clearance required 
• SCI eligibility may be required depending on assignment

More About B&A:

Notable Clients

B&A has grown to be a company that is trusted by our clients for exceptional service, innovative solutions, and inspired employees. Our service extends through federal, state, and local Government, the private sector, and higher education. Some of our notable clients include Department of Homeland Security, U.S. Customs and Border Protection, U.S. Senate, U.S. Courts, U.S. Census Bureau, U.S. Navy, and more.

Benefits and Programs

B&A is proud to offer three robust individual and family medical plans to full time employees, including a Health Savings Account (HSA) option as well as two tiers of dental coverage, vision, life & AD&D, disability, accident, hospital indemnity, and critical illness insurance. In addition to these benefits, B&A employees enjoy paid time off, B&A sponsored trainings and certifications, pet insurance benefits, commuter transit benefits and a free subscription to a virtual exercise platform (NEOU). B&A’s 401(k) plan is available to all employees and includes a company matching contribution.

B&A has launched several programs to focus on employee engagement, wellness, and assistance. These include:

• The B&A Cares program: 30/60/90-day wellness check ins, personal development, financial management, and stress management seminars, and more
• A formal mentorship program
• Job shadowing and cross training opportunities
• Brand Ambassador program
• Employee Assistance Program (EAP) - Access to various support resources to include counseling, legal guidance, financial planning, and more
• Monthly teambuilding events
• B&A Annual Wellness Challenges: #StepWithB&A, #WalkDuringLunchWithB&A, #VolunteeringWithB&A, #ExerciseDuringLunchWithB&A, and more

At B&A, we place significant importance on improving the communities and lives of citizens across the nation through our involvement, technology expertise, and employees. B&A puts an emphasis on charitable efforts in the Northern Virginia area, including Capital Area Food Bank pantry drives, book donations, Hope for Henry Foundation events, and many more. In recognition of all these efforts, B&A has been named a Companies as Responsive Employers (CARE) award recipient by Northern Virginia Family Services and nominated by the Northern Virginia Chamber of Commerce for Outstanding Corporate Citizenship Award.

EEO

B&A provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. B&A complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy covers conduct occurring at B&A’s offices, and other workplaces (including client sites) and all other locations where B&A is providing services, and to all work-related activities.

EEO is the Law

B&A participates in e-Verify. We provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee’s I-9 Form to confirm work authorization.