Sr ISSO (TS/SCI CI Polygraph)

Zachary Piper Solutions is seeking a Sr Cyber Security Engineer (ISSO) to support a critical Intelligence program for an analysis & procurement cell throughout the DC/MD/VA. The team is seeking a skilled security specialist to lead technical security assessments and maintain the security posture for an enterprise data modernization effort.

Clearance: TS/SCI CI Polygraph

Location: Reston, VA; JBAB Washington, D.C.; Annapolis Junction, MD (Hybrid work)

This job opens for applications on 4/9/2026. Applications for this job will be accepted for at least 30 days from the posting date   

Responsibilities of the ISSO:

·      Perform technical security assessments and contribute to the design, implementation, and oversight of secure systems.

·      Ensure system security compliance, manage risk, and support certification and accreditation activities across the full program lifecycle.

·      Collaborate with application leads, system administrators, database administrators, developers, and testers to ensure systems meet security requirements and achieve or maintain Authorization to Operate (ATO).

·      Integrate security requirements into system design and development from inception, ensuring compliance is built in by design.

·      Support security assessment activities and address inquiries from Information System Security Managers (ISSMs) and Security Control Assessors (SCAs).

·      Develop, maintain, and update System Security Plans (SSPs), POA&Ms, and other required security artifacts using XACTA.

·      Lead Interim Authorization to Test (IATT) and ATO efforts, coordinating with program stakeholders, cybersecurity teams, and the Authorizing Official (AO).

·      Implement and validate NIST SP 800-53 security controls within cloud-native Data Platform as a Service (DPaaS) environments.

·      Apply Zero Trust architecture principles to secure data services, including identity management, network segmentation, and traffic flow control.

Qualifications of the ISSO:

·      Bachelors degree and 5+ years of cyber security experience, additional 2 years of experience in lieu of a degree.

· Active Top Secret/SCI CI Polygraph 

·      Security+ or other IAT II/III level certification that is currently active

·      Proficiency with XACTA and DIA’s RMF process, including managing IATT and ATO processes.

·      Proficiency with Splunk.

·      Experience leading assessments of existing IT architecture for compliance with security requirements from applicable security frameworks (such as ICD 503).

·      Experience supporting data/cloud modernization projects (data warehouse, data lakes, etc.)

·      Experience with implementing and maintaining system security documentation, including SSPs, SAPs, POA&Ms, and security assessment artifacts, coordinating closely with ISSMs, ISSEs, system owners, and authorizing officials.

 Compensation of the ISSO: 

·      Total compensation based on experience level - $140,000 - $180,000+

·      Full Benefits: PTO, Holidays, 401K, Medical Dental Vision coverage

·      Hybrid work opportunity

·      Certification reimbursement

#LI-MK1 #LI-Onsite #LI-Hybrid

Keywords: Information System Security Officer (ISSO), cybersecurity compliance, Risk Management Framework (RMF), NIST SP 800-53, system security authorization, Authorization to Operate (ATO), Interim Authorization to Test (IATT), top secret/sci, ts/sci, ci polygraph, polygraph, W2, Opentowork, hiring, onsite, reston, Washington dc, maryland, Xacta, ATO, Fedramp, cloud, data, data engineer, data science, data lake, data warehouse, security control assessment, continuous monitoring, security risk management, vulnerability management, incident response coordination, security assessment and authorization (A&A), System Security Plan (SSP), Plan of Actions and Milestones (POA&M), XACTA, security documentation, audit readiness, FISMA compliance, configuration management, access control, identity and credential management, least privilege, secure system design, SDLC security integration, cloud security, Zero Trust architecture, data protection, encryption, logging and monitoring, security testing and evaluation, stakeholder coordination, ISSM and SCA engagement, compliance reporting, government cybersecurity standards.