Information System Security Office (ISSO)

Leidos•Chantilly, VA

1d•$131,300 - $237,350

About The Position

The Information System Security Officer (ISSO) is responsible for maintaining the security posture of assigned information systems in accordance with federal cybersecurity requirements including NIST SP 800-53, JSIG, RMF, and other applicable DoD and agency regulations. The ISSO will ensure compliance with security policies, manage system security documentation, conduct risk assessments, and support authorization processes.

Requirements

Active Top Secret Security Clearance.
CompTIA Security+.
Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or equivalent work experience).
Minimum of 3–5 years of experience in information system security, cybersecurity, or IT security management.
Experience supporting classified systems under the DoD Joint SAP Implementation Guide (JSIG) or ICD 503.
Strong knowledge of NIST SP 800-53, Risk Management Framework (RMF), and relevant DoD cybersecurity policies.
Experience with as eMASS, ACAS, Tenable/Nessus, Splunk, ManageEngine, or other compliance and vulnerability scanning tools.
Strong communication and documentation skills.
Understanding of networking, system administration, and security architecture principles.
Working knowledge of both Windows and Linux Operating systems.
Experience with Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker.

Nice To Haves

Experienced with Microsoft Word and Excel.
Experienced with Adobe Professional, or other PDF editing software.

Responsibilities

Implement, manage, and enforce cybersecurity policies and procedures for assigned systems.
Coordinate with stakeholders to support achieving Approval to Operate (ATO), continuous monitoring, and system decommissioning.
Develop and maintain system security plans (SSPs), risk assessments, contingency plans, Security Controls Traceability Matrixes (SCTM), and related documentation.
Monitor system security controls and continuously assess the security posture of the system.
Ensure compliance with applicable federal and DoD cybersecurity frameworks (e.g., NIST RMF, JSIG).
Conduct vulnerability scans and recognize information system vulnerabilities.
Review and analyze system audit logs to identify anomalous activity and potential threats to network resources.
Participate in security control assessments and coordinate with the Information System Owner (ISO), System Administrator (SA), and Security Control Assessor (SCA).
Report security incidents, conduct incident response coordination, and support remediation activities.
Maintain awareness of cybersecurity threats and recommend mitigation strategies.
Track Plans of Action and Milestones (POA&Ms) and ensure timely remediation.
Support customer inspections.
Provide security guidance and awareness to system users and technical staff.
Request and track standard and privileged system users.