iAdeptive Technologies is seeking a senior ISSO/Cloud Security & DevSecOps Engineer to lead the security authorization for a FedRAMP High environment supporting a federal health agency. The role requires strong AWS and DevSecOps skills, as well as the ability to set the direction for the company's cybersecurity posture.
Responsibilities:
- Serve as ISSO for a FedRAMP High environment, owning the authorization package and driving it through attainment and ongoing authorization on an accelerated timeline
- Author and maintain the System Security Plan (SSP), control narratives, and supporting artifacts against NIST 800-53 and agency security baselines
- Manage Plans of Action and Milestones (POA&Ms), track remediation to closure, and maintain audit-ready evidence
- Lead Assessment and Authorization (A&A) activities and serve as the security point of contact for assessors and oversight
- Establish and operate continuous monitoring, including vulnerability scanning, configuration compliance, and security event review
- Operate as an embedded member of the cloud and platform team, participating in the backlog, standups, and pipeline alongside the engineering staff
- Implement and validate security controls in AWS GovCloud, including IAM, logging, encryption, network security, and configuration compliance
- Build and harden the CI/CD pipeline, embedding security gates, scanning, and automated evidence collection through policy-as-code
- Author and review infrastructure-as-code to enforce secure configuration by default
- Automate compliance and monitoring to support continuous authorization and efficient post-ATO sustainment
- Set the direction for the company’s enterprise zero-trust and cybersecurity strategy, standards, and policies
- Provide security oversight across the organization, including identity, access, endpoint, and network security posture
- Guide the adoption of security best practices company-wide and advise leadership on cyber risk
Requirements:
- Proven ISSO/ATO experience in a federal environment
- Direct, hands-on ISSO experience in a federal environment, including at least one system taken through Assessment and Authorization (A&A) to an ATO
- Strong command of NIST 800-53, the RMF, FedRAMP, and FISMA, with the ability to author control narratives accepted by assessors
- Experience managing POA&Ms, continuous monitoring, and audit-ready evidence
- Hands-on AWS engineering experience, including IAM, encryption, networking, and configuration compliance (GovCloud preferred)
- Hands-on DevSecOps experience building and securing CI/CD pipelines, infrastructure-as-code, and security automation
- A track record of working within an engineering team and delivering implementation work, not solely security review
- Clear technical writing and the ability to communicate effectively with both engineers and assessors
- Experience defining zero-trust or enterprise security strategy, standards, and policy at an organizational level
- Ability to advise leadership on cyber risk and drive security best practices across a company
- Bachelor's degree in computer science, information security, a related field, or equivalent professional experience
- 7+ years across information security and cloud/DevSecOps, including hands-on ISSO experience with a system taken through A&A to ATO
- Security certification such as CISSP, CISM, CAP, or AWS Security – Specialty
- AWS certification (Solutions Architect, SysOps, or DevOps Engineer)
- Experience with container security, Terraform, and federal compliance or authorization tracking tooling
- Familiarity with ISO/IEC 42001 or AI risk frameworks where AI systems fall within the authorization boundary