Information System Security Officer (ISSO)

Important Notice for Applicants:
At Bixal, we want to ensure a transparent and secure application process for all candidates. Official communication will come from an email address ending in @bixal.com or from @bixal.na.teamtailor-mail.com. Messages from other sources may be fraudulent, and you should exercise care to avoid any links or attachments included.
Bixal will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.
Need Assistance or a Reasonable Accommodation?
If you need assistance or a reasonable accommodation to complete your application, we're here to help. Please reach out to us at talent@bixal.com and let us know how we can support you. You do not need to share personal details or disclose the nature of your request. You can expect a response from a team member within 24 hours during the regular work week and on the next operating day during the weekend or holidays.
Why Bixal?
Bixal is a consulting company headquartered in Fairfax, VA, working alongside governments and organizations to help them deliver better services and experiences to the communities they serve. Using evidence-based knowledge and technology, Bixal empowers clients to deliver on their missions more effectively by fostering a culture of learning and continuous improvement.
Our values:
People-First: Emphasizing the importance of people in all aspects of work.
Collaboration and Transparency: Valuing teamwork and open communication.
Growth Mindset: Encouraging innovation and continuous improvement.
Creating Lasting Impact: Focusing on meaningful outcomes and positive change.
About the role:
We are seeking a Security Engineer to serve in an Information System Security Officer (ISSO) capacity supporting a federal program for the General Services Administration (GSA). The ISSO will be responsible for maintaining the security posture of assigned systems, supporting the Authority to Operate (ATO) lifecycle, and ensuring compliance with federal cybersecurity standards.
The ideal candidate has at least 8 years of experience in information security or cybersecurity roles, including experience supporting federal information systems. The candidate should have a strong understanding of NIST Risk Management Framework (RMF) processes and be comfortable collaborating with engineering teams to manage vulnerabilities and maintain security compliance. Familiarity with GSA systems, policies, and security governance processes is a plus.
This is a full-time position contingent on contract award by our client, with a defined performance period of one year with two one-year option periods. This role offers you a unique opportunity to make a meaningful impact on a project that aligns with Bixal’s mission of delivering innovative, human-centered solutions. While the role has a fixed duration, we are committed to transparency and collaboration, keeping you informed about contract updates and new opportunities. At Bixal, we support your professional journey, ensuring your experience reflects our inclusive, purpose-driven culture and prepares you for future success.
Compensation:
The salary range for this role is $115,000 – $140,000. In the spirit of transparency, most offers tend to land near the midpoint of the range. We make compensation decisions thoughtfully, considering your experience, the skills you bring, and our commitment to internal equity. Fairness and transparency are core to how we operate.
Responsibilities:
Security Compliance & ATO Maintenance
Serve as the designated Information System Security Officer (ISSO) for one or more federal information systems.
Maintain documentation and artifacts required to support the Authority to Operate (ATO) and ongoing compliance activities.
Complete required monthly and quarterly security checklists and maintain associated compliance documentation.
Support continuous monitoring activities in accordance with the NIST Risk Management Framework (RMF).
Security Monitoring & Vulnerability Management
Conduct or coordinate application and infrastructure security scans as needed.
Monitor security findings from automated tools and external assessments.
Collaborate with development and DevOps teams to prioritize, track, and remediate vulnerabilities.
Maintain and update Plans of Action and Milestones (POA&Ms).
Governance & Security Coordination
Represent the program in security briefings, governance forums, and compliance meetings.
Coordinate with system owners, technical teams, and security stakeholders to ensure proper implementation of security controls.
Support security assessments, audits, and compliance reviews conducted by federal security teams or third-party assessors.
Security Documentation
Maintain and update system security documentation including:
System Security Plan (SSP)
POA&M
Security Assessment Reports
Continuous Monitoring artifacts
Ensure documentation aligns with NIST 800-53 controls and federal security standards.
Other relevant duties as assigned and qualified/trained to perform
Qualifications:
Bachelor’s degree in Computer Science, Engineering, at least 8 years of experience in information security, cybersecurity, or related roles, or equivalent practical experience (12 years without degree).
Experience serving as an Information System Security Officer (ISSO) or similar security role supporting federal systems.
Working knowledge of NIST Risk Management Framework (RMF) and NIST 800-53 security controls.
Experience supporting ATO lifecycle management for federal systems.
Experience coordinating or reviewing security scans and vulnerability remediation efforts.
Strong understanding of federal cybersecurity compliance and documentation requirements.
Ability to work collaboratively with engineering teams to address security findings.
Ability to obtain and maintain a Public Trust clearance.
Nice to Have Skills and Experience:
Experience supporting GSA systems, platforms, or security governance processes.
Familiarity with FedRAMP or cloud-based federal systems.
Familiarity with the Cybersecurity Maturity Model Certification (CMMC) framework and related compliance practices.
Experience working with modern web applications and DevSecOps practices.
Knowledge of common security tools used in federal environments (e.g., SAST/DAST scanners, vulnerability management tools).
CISSP
CISM
Security+
Certified Authorization Professional (CAP)
How We Support Our Team:
Flex hours
401K with matching incentive
Parental Leave
Medical/dental/vision benefits
Flex Spending Account
Company provided short-term disability and life insurance
Commuter benefits
Paid Time Off (PTO)
11 Paid holidays
Our company is committed to providing equal employment opportunities for all individuals and complies with all applicable federal, state, and local anti-discrimination laws. Employment decisions are based on merit, qualifications, and business needs.
Department: Client Delivery
Role: Cybersecurity
Locations: Remote within United States
Remote status: Fully Remote
About Bixal
We leverage technology, communications, data, and human-centered design to help governments and leading organizations be more efficient, effective, and impactful.