Microsoft Information Systems Security Officer CTJ - Poly 

United States, Virginia, Arlington 

275410559

We are seeking a highly skilled and dedicated Information Systems Security Officer (ISSO) to support our Special Access Program (SAP). This role requires a motivated and experienced cybersecurity professional to manage the security posture of SAP systems, performs end-to-end security analysis, ensure compliance with government regulations, and protect the confidentiality, integrity, and availability of critical information assets. The ISSO will be instrumental in implementing and maintaining security protocols, policies, and controls in compliance with the Joint Special Access Program Implementation Guide (JSIG), NIST standards, and other applicable government requirements.

If you have experience implementing NIST RMF requirements for National Security Systems, this is an exciting opportunity and you are encouraged to apply today.

Required/Minimum Qualifications

• 4+ years experience in Security Program or Program Management or related field.
• 4 years of experience with Bachelor’s degree in cybersecurity or relevant field
• 1 year of experience in the DoD or intelligence community
• Current IAM DoD Level 1 Security certification (CAP, GSLC, or Security+ CE)

Other Requirements

The successful candidate must have an active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph. Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. Failure to maintain or obtain the appropriate U.S. Government clearance and/or customer screening requirements may result in employment action up to and including termination.

Clearance Verification:

This position requires successful verification of the stated security clearance to meet federal government customer requirements. You will be asked to provide clearance verification information prior to an offer of employment.

Candidates must be able to successfully complete and pass a Microsoft Cloud background screening. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

: This position requires verification of U.S citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport, or other approved documents, or verified US government clearance.

Preferred Qualifications:

• 2 years of information assurance experience, including evaluating, testing, certifying and accrediting of classified and sensitive but unclassified information systems as well as Commercial Off The Shelf (COTS) and Government Off The Shelf (GOTS) products.
• 2 years of network and/or system administration.
• Experience with analysis and evaluation of both hardware and software in support of Intelligence Community (IC), Department of Defense, and other Federal Government Agencies.
• Experience applying security risk assessment methodology to system development, including threat model development, vulnerability assessments, and resultant security risk analysis.
• Experience or knowledge of construction for a secure area, ICD 705
• Experience with Special Access Programs (SAP)
• Experience managing keying devices, lifecycle planning.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Program control processes or content for assessment artifacts in scope will include:

• Security Compliance & Policy Management: Implement and enforce security policies and procedures in alignment with the SAP security requirements, including adherence to JSIG, ICD 503, RMF, NIST SP 800-53, and other relevant guidelines.
• System Security Planning & Assessment: Develop, maintain, and enforce System Security Plans (SSPs) and Security Control Traceability Matrices (SCTMs) for assigned SAP systems. Lead the assessment and authorization process, ensuring systems maintain an Authority to Operate (ATO).
• Risk Management: Identify, analyze, and mitigate risks across SAP information systems. Perform continuous monitoring and risk assessments, providing recommendations to senior leadership on effective risk management strategies.
• Configuration Management: Assist with the implementation and management of configuration controls on SAP systems, ensuring that all changes follow secure baseline configurations and comply with the Configuration Management Plan.
• Documentation & Reporting: Assist and maintain accurate and detailed documentation of security activities, incident reports, risk assessments, and audit results. Provide periodic status reports to program leadership and government stakeholders.
• Continuous Monitoring: Develop and implement continuous monitoring strategies to assess SAP systems’ security postures actively. Conduct periodic system reviews, audits, and vulnerability scans to ensure ongoing compliance.
• Represent Microsoft in engagements with external entities and the U.S. Government.
• Required to travel a maximum of 25% to maintain system accreditation.

• Embody our