Senior Security Analyst/ISSO

A P Ventures LLC
Columbia, MD, US
Posted May 6, 2026

Title: Senior Security Analyst/Information Systems Security Officer (ISSO)

Location: Remote

Company Background

At APV, we’re more than a technology company — we’re a mission-driven powerhouse transforming organizations through advanced technology and human ingenuity. Our expertise spans AI/ML, data architecture, low-code/no-code development, Agile DevSecOps, and cloud services, delivering scalable and meaningful solutions.

In our Emerging Technology Lab, innovation drives progress. Our teams create intelligent chatbots, AI-powered assistants, robotic process automation (RPA), essay graders, and data analytics platforms. If you’re passionate about solving complex challenges and shaping the future, APV is the place for you.

Since 2007, we’ve partnered with federal and state agencies to deliver IT, training, and consulting solutions that achieve mission-critical outcomes. Built on accountability, integrity, and quality, we go beyond expectations.

With 70+ prime contracts and a proven record of client success, APV continues to grow — and we’re looking for exceptional talent to grow with us.

At APV, we Always Provide Value.

Role:

The Senior Security Analyst/Information Systems Security Officer (ISSO) will provide advanced cybersecurity, risk management, and system authorization support to the Department of Homeland Security (DHS) Office of the Chief Human Capital Officer (OCHCO). The Senior ISSO independently leads ATO and reauthorization cycles for assigned OCHCO Human Capital (HC) IT systems, drives continuous monitoring operations, leads incident response coordination, and serves as a senior point of contact for the System Owner, Authorizing Official (AO), Information System Security Manager (ISSM), the DHS CISO, the DHS Privacy Office, OCIO, and APV leadership.

This role applies the DHS 4300A Sensitive Systems Policy, FISMA, the NIST Risk Management Framework, NIST SP 800-53, the Privacy Act, and DHS-specific cybersecurity directives to high-sensitivity HR/HC environments handling high-volume PII, SPII, payroll, benefits, medical, and disability data. The Senior ISSO drafts and reviews authorization documentation, leads security workstreams on the OCHCO HC Systems Modernization Program, mentors mid-level specialists, and produces executive-grade security briefings for OCHCO and DHS leadership.

Duties:

The Senior Security Analyst/ISSO will:

### ATO Lifecycle Leadership & Security Documentation

  • Independently lead Authorization to Operate (ATO) and reauthorization cycles for assigned OCHCO HC IT systems, including security control assessment coordination, residual risk analysis, AO briefings, and ongoing authorization decisions.
  • Apply the DHS 4300A Sensitive Systems Policy, the DHS 4300A Sensitive Systems Handbook, the NIST Risk Management Framework (NIST SP 800-37), and NIST SP 800-53 controls across the HC system lifecycle.
  • Draft and maintain Security Authorization Package (SAP) artifacts, including the System Security Plan (SSP), Security Assessment Plan, Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), Contingency Plan, and Incident Response Plan.
  • Apply FIPS 199 and FIPS 200 categorization to HC systems and tailor NIST SP 800-53 baselines (typically Moderate or High) accordingly.
  • Coordinate Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA) inputs with the DHS Privacy Office, including SORN updates for HR systems of records.

### Continuous Monitoring, Risk Management & Vulnerability Operations

  • Lead the DHS Information Security Continuous Monitoring (ISCM) program for assigned OCHCO HC systems, including vulnerability identification, risk-based prioritization, and remediation tracking through POA&M closure.
  • Operate and analyze SIEM platforms (Splunk, AWS Security Hub, Microsoft Sentinel, or comparable), vulnerability scanners (Nessus, Qualys, or comparable), and endpoint protection tooling for OCHCO HC environments.
  • Lead Continuous Diagnostics and Mitigation (CDM) integration, asset and vulnerability dashboards, and risk reporting in alignment with DHS CDM program requirements.
  • Conduct security assessments, audits, and control testing on assigned HC systems.
  • Lead risk-based decision support for the AO, including documented risk acceptance, mitigation, transfer, and avoidance recommendations.

### HC System Migration & Cloud Security Leadership

  • Lead security workstreams on the OCHCO HC Systems Modernization Program, including security architecture reviews of integration interfaces, cloud security posture management for AWS GovCloud and Azure Government environments, and ATO planning for the modernized target-state HC platform.
  • Advise integration teams on security best practices for REST/SOAP APIs, SFTP file transfers, ETL/ELT pipelines, and iPaaS\-based integrations involving HR data.
  • Apply NIST SP 800-218 Secure Software Development Framework (SSDF), DevSecOps pipeline security, and software supply chain risk management principles to HC modernization activities.
  • Apply FIPS 140-2 / 140-3 cryptographic standards, federal identity and access management standards, and DHS boundary protection requirements to HC system data flows.
  • Support FedRAMP coordination for cloud-based HC services where applicable.

### Privacy, Incident Response & Stakeholder Coordination

  • Coordinate breach response for incidents involving employee PII, SPII, payroll, benefits, medical, or disability data with the DHS Privacy Office, OGC, and OCHCO leadership.
  • Support incident response activities for OCHCO HC systems, coordinating with the DHS Security Operations Center (SOC), CISA, and component cybersecurity teams to triage, contain, and remediate security incidents.
  • Report incidents in accordance with US-CERT incident reporting guidelines and DHS reporting timelines.
  • Lead post-incident analysis, lessons-learned documentation, and corrective action tracking.
  • Maintain incident response readiness through tabletop exercises, playbook updates, and team coordination drills tailored to HC data scenarios.

### Stakeholder Advisory, SOP Development & Mentorship

  • Serve as a senior consultative resource to OCHCO leadership, the System Owner, AO, ISSM, the DHS CISO, the DHS Privacy Office, OCIO, integration teams, and APV leadership.
  • Mentor mid-level ISSO specialists; review their work products for technical quality, documentation rigor, and standards compliance.
  • Draft and maintain SOPs, desk guides, control implementation guidance, and security training materials.
  • Prepare executive-grade briefings, decision papers, status reports, and risk dashboards for OCHCO and DHS leadership.
  • Build and maintain SharePoint-based knowledge repositories, ATO artifact libraries, and security knowledge bases.

Education:

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field; Master's degree preferred. Equivalent senior federal cybersecurity experience may substitute based on contract terms.

Required Experience and Skills:

  • U.S. Citizenship.
  • Active DHS Public Trust or favorably adjudicated investigation; ability to obtain and maintain required suitability/access throughout the period of performance. Some DHS task orders may require Secret or Top Secret clearance.
  • Minimum 8-10 years of experience in cybersecurity, risk management, and compliance for federal IT systems, including significant time as an ISSO or comparable security lead.
  • Demonstrated experience leading ATO and reauthorization cycles end-to-end, including SSP, SAR, POA&M, and Contingency Plan development.
  • Working knowledge of FISMA, the NIST Risk Management Framework (NIST SP 800-37), NIST SP 800-53, FIPS 199/200, OMB A-130, the Privacy Act of 1974, and federal cybersecurity directives.
  • Hands-on experience with SIEM tools (Splunk, AWS Security Hub, Microsoft Sentinel, or comparable), vulnerability scanning (Nessus, Qualys, or comparable), and endpoint protection.
  • Experience with cloud security in AWS GovCloud and/or Microsoft Azure Government environments.
  • Strong knowledge of DHS cybersecurity frameworks, including the DHS 4300A Sensitive Systems Policy and Trusted Internet Connections (TIC 3.0) requirements.
  • Strong written and verbal communication skills, including the ability to brief senior stakeholders and produce defensible, audit-ready security documentation.

Preferred Skills:

  • Prior experience supporting OCHCO, OPM, federal HR shared services, or other federal Human Capital cybersecurity programs.
  • Experience supporting cybersecurity for federal HR systems, including NFC EmpowHR, USA Staffing, FedTalent, OPM eOPF, OPM Retirement Services Online, webTA, BENEFEDS, or TSP integrations.
  • Experience supporting HC system migrations or modernization programs, including ATO planning for target-state platforms.
  • Prior experience supporting DHS or DHS component cybersecurity programs.
  • Experience supporting DHS CDM, TIC 3.0, and Federal Zero Trust Strategy implementation under OMB M-22-09.
  • Certifications such as CISSP, CISM, CISA, CRISC, AWS Security Specialty, Azure Security Engineer Associate, or CompTIA CASP+.
  • DoD 8570/8140 IAT Level III, IAM Level II/III, or IASAE Level II/III qualification.
  • Experience with NIST SP 800-218 Secure Software Development Framework (SSDF) and DevSecOps pipeline security.
  • Experience supporting Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), and SORN activities with the DHS Privacy Office.

About APV

APV is an Equal Employment Opportunity employer. All qualified applicants are considered without regard to race, national origin, gender, age, religion, disability, sexual orientation, veteran status, or marital status.

Original job posting from: Indeed_linkedin
