Samsara logo

Samsara

remote

ISSO-ACTIVE SECRET CLEARANCE REQUIRED

full-timeRemote
security
cybersecurity
rmf

ISSO-ACTIVE SECRET CLEARANCE REQUIRED

Primary Responsibilities:

  • Serve as the lead security representative for system RMF lifecycle activities, including control selection, implementation, testing, and documentation.
  • Develop, review, and maintain key RMF artifacts such as System Security Plans (SSPs), Security Assessment Reports (SARs), Contingency Plans (CPs), and POA&Ms.
  • Ensure systems maintain a valid Authorization to Operate (ATO) through continuous monitoring, vulnerability assessments, and compliance reporting.
  • Validate the implementation of security controls and document evidence in Enterprise Mission Assurance Support Service (eMASS).
  • Collaborate with cybersecurity engineers, auditors, and control assessors to prepare for internal and external security audits and inspections.
  • Analyze and respond to scan results, SIEM alerts, audit logs, change management actions, and potential cybersecurity incidents.
  • Support the integration of security into DevSecOps pipelines, ensuring secure configuration management, patching, and container security practices.
  • Provide security engineering guidance to development and infrastructure teams in areas such as encryption, access controls, secure protocols, and authentication methods.
  • Lead the execution of cybersecurity training, awareness initiatives, and policy compliance briefings for staff and stakeholders.
  • Identify, assess, and mitigate risks associated with system design, implementation, and operational posture.
  • Provide oversight for managing privacy-related data, insider threat indicators, and incident handling workflows in accordance with federal mandates.
  • All other duties as assigned by management.

Education/Experience Requirements:

  • Bachelor’s or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education.
  • Minimum of six (6) years experience in information security/information assurance.
  • Minimum of five (5) years of experience in the risk management framework.
  • Hands-on experience with Active Directory, Windows/UNIX systems, and relational databases in secure environments.
  • Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred.