Information Systems Security Officer

Marathon TS is seeking an Information Systems Security Officer to assist a Top Federal Agency with critical security advisory services, combined with hands-on tool experience. This role requires a true security professional, not just a compliance paper pusher. You will provide deep knowledge, stay updated on federal guidance, regulations, and best practices, and bring value to the team. Cyber threats are pervasive and constantly evolving, making understanding them complex for government agencies. Your expertise as an information security risk specialist will help translate complex threats into manageable plans of action.

As an information security risk officer (ISSO), you will think like an auditor, ensuring controls are in place and processes balance operational needs with risk. You will help discover cyber risks, understand policies, develop mitigation plans, and manage them. You will drive the overall FISMA and ATO processes for the agency across multiple work areas. This is an opportunity to build experience in strategic information security and develop cybersecurity assessment skills. Join us as we protect our nation's cyber infrastructure.

Empower change with us.

• 5+ years of experience with security control assessments (e.g., internal IT auditor, FedRAMP assessor/3PAO, Test/Evaluation Assessor, control pre-audit expert)
• 2+ years of experience in a lead role
• 3+ years of experience managing project schedules and developing deliverables using established client templates
• 3+ years of experience developing and implementing risk management strategies
• Knowledge of NIST SP 800 series, testing NIST 800-53 controls, 800-37
• Deep understanding of internal control requirements from NIST 800-53r5 or COBIT IT Audit concepts
• Experience documenting System Security Plan controls
• Exposure to FIPS199, IPA, PIA, CMP, CP, E-Auth, and ATO processes and documentation
• Ability to articulate latest OMB, CISA mandates, Executive Orders, Zero Trust concepts, NIST, FIPS requirements
• Ability to present IT security risk to executive management
• Ability to work independently and within a multi-disciplinary team
• Eligibility to obtain and maintain a Public Trust or Suitability/Fitness clearance
• Hands-on experience with Tanium, Qualys Web Application Scanners, VeraCode, ServiceNow, AWS Security, Azure Security (preferred)

• Experience assessing security controls in cloud environments (AWS, Azure)
• Certifications such as CISSP, CISM, or CISA

Applicants will undergo a government investigation and must meet eligibility requirements of the U.S. government client. A Green Card is preferred but may be allowed; US citizenship is preferred.

Marathon TS is committed to fostering a diverse and inclusive work environment. Employment decisions are based on merit, qualifications, and abilities. We do not discriminate based on race, color, creed, religion, sex, national origin, disability, age, or other protected statuses.