Information Security Systems Officer (ISSO) Support Specialist (VA/CA)

About The Position

Requirements

• Must have an active Secret Clearance to be considered
• Must be within 1 hour of Alexandria, VA or Seaside, CA
• 6+ years of experience supporting RMF programs within DoD or federal environments.
• Hands‑on experience with eMASS (package maintenance, workflows, artifact association).
• Familiarity with POA&M management, ATO Terms and Conditions, and RMF governance processes.
• Understanding of DoD cybersecurity requirements, NIST SP 800‑53 controls, STIGs, and DHA/DHRA RMF processes.
• Ability to interpret compliance documentation, assess system boundary requirements, and evaluate risk.
• Experience with Microsoft Project, SharePoint, MS Teams, and ServiceNow.
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
• Strong analytical, organizational, and documentation skills.
• Ability to work collaboratively with interdisciplinary teams and federal stakeholders.
• Must be able to pass background screening prior to employment.
• US Citizenship, legal permanent residence, or US work authorization with a minimum of 3 years of US presence is required due to federal contract requirements.
• Ability to work on‑site at Seaside or Mark Center for SIPR‑related activities.
• Active Secret clearance required; ability to obtain TS/SCI preferred.
• Reliable internet (50 Mbps down / 25 Mbps up) and a secure remote work environment.

Nice To Haves

• Experience supporting DMDC, DHRA, DHA, or similar DoD components.
• Familiarity with DHA ATC workflows and cloud‑hosted system RMF requirements.
• Experience developing process documentation, governance artifacts, or compliance KPIs.
• Knowledge of central logging requirements and boundary‑level cybersecurity controls.

Responsibilities

• Monitor RMF authorization status in eMASS and track required actions to obtain and sustain system/application authorization.
• Advise stakeholders on DoD cybersecurity and ATO requirements; identify missing or incomplete information in eMASS.
• Create and maintain eMASS entries, ensuring artifacts are properly associated with applicable CCI security controls.
• Develop STIG/control crosswalks to map controls to system functionality and determine control impact.
• Update eMASS controls and POA&Ms using supporting documentation; ensure POA&M entries remain current and submit closure/extension workflows.
• Explain non‑compliant controls and recommend remediation strategies; coordinate updates and communication within CSD.
• Serve as liaison between Program/Product Owners and CSD stakeholders to coordinate eMASS activities and information flow.
• Provide subject matter expertise on RMF policy, eMASS usage, and DoD cybersecurity requirements.
• Identify efficiencies and apply approved templates or repeatable methods for shared requirements across applications.
• Support Program/Product Owners during assessments, validations, and audits, including eMASS access and clarifications.
• Organize and manage RMF meetings, including scheduling, agendas, meeting notes, and artifact storage.
• Conduct quality assurance reviews of RMF submissions (e.g., ACAS scans, network diagrams, PPSM documentation, HW/SW lists, STIGs, POA&Ms).
• Participate in Cyber Compliance Meetings as required.
• Provide expertise on cATO, PPSM documentation, network traffic diagrams, and RMF control remediation.
• Conduct risk analysis of ATO packages and provide prioritized remediation recommendations; contribute to ISSO Reports with recommended ATO conditions.
• Conduct quarterly sampling of documentation against applicable security controls and evaluate risk to the DODIN; coordinate reviews with Program/Product Owners and the ISSM.
• Develop Security Assessment Plans (SAPs) and Security Assessment Reports (SARs) in collaboration with Program/Product Owners and the ISSM.
• Other duties may be assigned.