25-1079: Information Security Systems Officer (ISSO)

About The Position

Requirements

• Minimum 5 years of experience as an ISSO.
• Bachelor’s degree in Information Technology, Computer Science, Engineering, or a related field from a U.S. Department of Education-accredited university (or equivalent experience).
• Security+ or equivalent/higher-level certification (current).
• Strong understanding of Information Security Policies and Procedures.
• Expertise in Risk Management Framework (RMF), Security Controls, Incident Response, Security Auditing, and Regulatory Compliance.
• Familiarity with FISMA, NIST SP 800-53 controls, and DOJ security policies.
• Proficiency in security tools, risk assessments, and vulnerability management.

Nice To Haves

• Knowledge of Security Incident Analysis and Forensics.
• Experience with Software Development Lifecycle (SDLC) security practices.
• Strong policy and memo writing skills.
• Effective problem-solving, time management, conflict resolution, and teamwork skills.
• Hands-on experience with CSAM, GRC tools, and automated security scanning tools.
• Ability to lead security compliance efforts across multiple systems.

Responsibilities

• Work with the System Owner and Director of IT Security to categorize systems, assess security controls, and document results.
• Assist in the annual re-assessment of Common Controls, ensuring compliance with DOJ policies.
• Ensure systems are accredited following the customer process to obtain Authority to Test (ATT), Authority to Operate (ATO), or Ongoing Authorization (OA).
• Develop and maintain security documentation, including System Security Plans (SSP), Security Assessment Plans/Reports (SAP/SAR), POA&Ms, and security authorization memorandums in CSAM.
• Conduct security control assessments, both manual and automated, and provide findings on control gaps, risk levels, and impacts.
• Establish and maintain audit trails, ensuring regular log reviews and compliance with DOJ/OIG policies.
• Monitor and execute operations and maintenance of information systems, including secure system disposal.
• Support the development of Privacy Impact Assessments (PIA), Interconnection Security Agreements, Risk Assessments, Configuration Management Plans, and Incident Response Plans.
• Conduct vulnerability scans, review security reports, and implement remediation strategies.
• Assist in continuous monitoring activities, aligning with DOJ’s Ongoing Authorization (OA) process and using DOJ’s GRC tools.
• Ensure all security assessment and audit reports are properly uploaded in CSAM.
• Participate in configuration management processes, policy audits, and system log reviews.
• Provide technical guidance and compliance oversight in alignment with FISMA, RMF, and NIST frameworks.