Hewlett Packard Enterprise

Federal Cloud Information Systems Security Officer (ISSO) – Tenable / Air-Gapped Environment -- (Clearance Required, Secret) MD, OK, UT, PA, AL

Hewlett Packard Enterprise  •  $106k - $243k/yr  •  Oklahoma (Hybrid)  •  3 hours ago

Job Description

This role has been designated as ‘Remote/Teleworker’, which means you will primarily work from home.

Who We Are:

Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today’s complex world. Our culture thrives on finding new and better ways to accelerate what’s next. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE.

Works with a cross-functional team to solve complex technical and cybersecurity challenges across a broad range of technologies (Servers, Storage, Network, and SAN) while delivering secure Cloud Services solutions to federal customers.

The Federal Cloud ISSO will serve as a key member of the SecOps Engineering function, responsible for ensuring the security, compliance, and operational effectiveness of classified cloud environments. This role has direct responsibility for Tenable (Tenable.sc / Nessus) vulnerability scanning operations within an air-gapped architecture, supporting ATO/RMF compliance, continuous monitoring, and audit readiness.

The ideal candidate brings a strong combination of ISSO oversight, hands-on vulnerability management, and secure cloud engineering experience, with the ability to operate in classified, disconnected environments where updates, scanning, and reporting processes must be managed manually and securely.

This role requires deep knowledge of federal security frameworks, a strong automation mindset, and the ability to operate in a fast-paced, mission-critical environment.

US Citizenship required

Clearance Required: Secret or Top Secret

Location: MD, OK, PA, UT, AL

This is a hybrid teleworker role. Employee will be required to travel to the customer site as needed, usually 2 or 3 times a week.

Schedule: M-F, 9am to 5pm. Candidate must be flexible to work evenings and weekends if required

Responsibilities include:

Security Operations & ISSO Functions

  • Serve as primary ISSO supporting ATO, RMF, and continuous monitoring activities
  • Develop and maintain ATO artifacts (SSP, POA&M, SAR, control narratives) aligned to NIST 800-53
  • Ensure compliance with DISA STIGs and federal security standards
  • Support audits and assessments, including evidence collection and vulnerability closure validation

Tenable / Vulnerability Management (Primary Focus)

  • Own and operate Tenable platform and distributed Nessus scanners in an air-gapped environment
  • Configure scan policies, audit files, credentials, repositories, and scan zones
  • Execute and manage:
    • Credentialed vulnerability scans
    • STIG compliance scans
    • Port and discovery scans
  • Manage offline plugin and audit content updates in accordance with air-gapped constraints
  • Ensure full asset coverage, scan accuracy, and remediation tracking across all environments
  • Generate and deliver vulnerability reports supporting ATO and DISA reporting requirements
  • Analyze scan results to identify false positives, credential failures, and scan gaps
  • Translate scan findings into POA&M entries and track remediation to closure

Air-Gapped Security Operations

  • Maintain secure operations within a disconnected/isolated environment (no outbound connectivity)
  • Manage manual update processes for plugins, definitions, and audit content
  • Ensure proper segmentation, scanner placement, and network reachability for scan execution
  • Support data export, sanitization, and reporting workflows for external consumption

Threat Detection & Incident Response

  • Monitor logs, alerts, and scan outputs to detect security events
  • Support incident response lifecycle: detection, containment, eradication, recovery
  • Correlate vulnerability data with active threats and mission risk

Collaboration & Engineering Integration

  • Work with Cloud, Network, and Platform Engineering teams to:
    • Integrate security into system design
    • Remediate vulnerabilities
    • Improve hardening baselines
  • Provide technical guidance on secure configurations and STIG implementation

Automation & Optimization

  • Automate vulnerability management, reporting, and compliance processes
  • Improve efficiency in scan execution, data parsing, and remediation workflows
  • Contribute to continuous improvement of security posture

Knowledge and Skills:

Technical Knowledge

  • Networking: TCP/IP, DNS, firewalls, segmentation, secure enclaves
  • Operating Systems: Windows Server, Linux (RHEL, Ubuntu), system hardening
  • Security Tools:
    • Tenable.sc / Nessus (expert-level required)
    • SIEM (Splunk, Elastic, QRadar)
    • Endpoint security (CrowdStrike, SentinelOne)
  • Cloud & Hybrid Security: AWS GovCloud, Azure Government, hybrid cloud architectures
  • Strong knowledge of:
    • NIST RMF / 800-53 controls
    • DISA STIGs and SRGs
    • ATO lifecycle processes

Vulnerability Management Expertise

  • Scan policy development and tuning
  • Credentialed vs non-credentialed scanning
  • STIG audit file management and compliance validation
  • Risk prioritization based on mission impact (not just CVSS)
  • POA&M lifecycle management

Practical Skills:

  • Incident Response & forensic analysis
  • Vulnerability assessment and remediation tracking
  • Security hardening across OS, applications, and network devices
  • Log analysis, event correlation, and threat intelligence integration
  • Strong troubleshooting and root cause analysis

Preferred Skills

  • Scripting (Python, Bash, PowerShell)
  • Experience operating in classified or air-gapped environments
  • Experience supporting DISA or other DoD customers
  • Familiarity with eMASS and ATO documentation systems

Education and Experience Required:

  • US Citizen, Secret Clearance Required
  • Certifications Required
    • DD8750 - Security Plus or higher Security Certification (CISSP, CASP, etc.)
    • One or more of the following:
      • AWS Certified Solution Architect
      • Microsoft Certified Azure Solution Architect
      • Google Certified Professional Cloud Architect
    • Operating systems Level certifications are a plus
  • Bachelor's degree preferred or Associate degree holder (technical field) with 6-8 years working experience in related fields desired.


What We Can Offer You:

Health & Wellbeing

We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.

Personal & Professional Development

We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.

Unconditional Inclusion

We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

Let's Stay Connected:

Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE.


Job:

Services

Job Level:

TCP_05

The expected salary/wage range for this position is provided below. Actual offer may vary from this range based upon geographic location, work experience, education/training, and/or skill level.
– United States of America: Annual Salary USD 105,500 - 243,000 in Alabama & Maryland & Oklahoma & Pennsylvania & Utah
The listed salary range reflects base salary. Variable incentives may also be offered.

Information about employee benefits offered in the US can be found at https://myhperewards.com/main/new-hire-enrollment.html

HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT employer. We do not discriminate on the basis of race, gender, or any other protected category, and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together.

Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities.

HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

Recruitment Fraud Alert

We have become aware of an increase in fraudulent recruitment activities in which individuals impersonate our company or authorized recruitment agencies to offer fake employment opportunities. These scams may occur through false websites, emails, social media, or chat-based applications and often aim to obtain personal information or money. Please note that Hewlett Packard Enterprise (HPE), its direct and indirect subsidiaries and affiliated companies, and its authorized recruitment agencies/vendors will never charge a candidate a registration fee, hiring fee, or any other fee in connection with its recruitment and hiring process. We also never request personal information such as bank account details, Social Security numbers, or national IDs via social media or chat applications.

All legitimate job opportunities will come through official company channels, and candidates are responsible for verifying the credentials of any third party claiming to represent the company. Any reliance on fraudulent communication is at the individual’s own risk, and HPE disclaims legal liability for any resulting damages. If you suspect recruitment fraud, do not share personal information or make any payments and report the incident to your local authorities immediately.

About Hewlett Packard Enterprise

Official LinkedIn of Hewlett Packard Enterprise, the global edge-to-cloud company. Sharing our passion and purpose through technology and innovation.

Industry: IT & Software
Company Size: 10,000+ employees
Headquarters: Houston, Texas
Year Founded: Unknown
Website: hpe.com