Cleared Information System Security Officer (ISSO) — L3

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or related field (or equivalent experience).
• 5+ years of cybersecurity, information assurance, or information systems security experience.
• Experience supporting DoD RMF processes and cybersecurity compliance efforts.
• Working knowledge of JSIG requirements and security artifacts.
• Working knowledge of NIST SP 800-53 security controls.
• Working knowledge of DoD RMF processes.
• Working knowledge of STIG implementation and compliance.
• Working knowledge of Vulnerability management processes.
• Active TS/SCI clearance.
• Current DoD 8570/8140 compliant certification such as: CISA, CASP+, CISSP, CISM.
• Must be within driving distance of Lorton, VA OR willing to relocate there (Relocation Assistance Package Available).
• Must be willing to work onsite.
• Must be willing and able to travel frequently.
• Excellent communication skills in writing and speaking.
• Ability to work independently and collaboratively in a mission-focused environment.
• Excellent problem-solving skills.
• Strong attention to detail and documentation accuracy.

Nice To Haves

• Experience supporting SAP, SCI, or other classified environments.
• Experience with Windows, Linux, and virtualized environments.
• Familiarity with Cross Domain Solutions (CDS).
• Experience with ACAS, Splunk, Tenable, Trellix ePO or similar cybersecurity tools.
• Knowledge of cloud security requirements within DoD environments.
• Experience supporting security assessments and authorization packages.
• Strong understanding of cybersecurity principles and risk management practices.
• Ability to interpret and apply JSIG and DoD cybersecurity requirements.
• Looking for a job where performance appraisals occur regularly, and you look forward to advancing your career.
• Seek a community of virtue-centered co-workers and clients.

Responsibilities

• Assist the ISSM in meeting their duties and responsibilities, and assume ISSM responsibilities in the ISSM’s absence.
• Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures outlined in the security authorization package.
• Verify that all users possess the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities prior to being granted access to the system.
• Report all security-related incidents to the ISSM.
• Conduct periodic reviews of information systems to verify continued compliance with the security authorization package.
• Serve as a member of the Configuration Control Board (CCB) when designated by the ISSM.
• Coordinate any changes or modifications to system hardware, software, or firmware with the ISSM and Authorizing Official/Designated Authorizing Official (AO/DAO) prior to implementation.
• Formally notify the ISSM and AO/DAO when changes occur that might affect the system’s security authorization.
• Monitor system recovery processes to confirm security features and procedures are properly restored and functioning correctly.
• Maintain an equivalent IAM Level 2 certification based on the DoD 8140 standard.
• Participate in joint agile backlog planning, providing feedback to the software development and infrastructure teams on high- and medium-risk items that require Information System Owner approval.
• Support the implementation and maintenance of cybersecurity requirements in accordance with JSIG, RMF, and applicable DoD policies.
• Assist in developing, maintaining, and updating RMF documentation including: System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), Continuous Monitoring Plans.
• Ensure security controls are implemented and maintained in accordance with approved security baselines.
• Support security authorization efforts throughout the RMF lifecycle.
• Conduct continuous monitoring activities to maintain system authorization.
• Review and analyze vulnerability scan results from tools such as ACAS.
• Track remediation efforts and validate closure of identified vulnerabilities.
• Assist with risk assessments and development of mitigation strategies.
• Monitor system changes for security impact and support configuration management activities.
• Coordinate and support security audits, inspections, and assessments.
• Maintain security-related records, reports, and artifacts required for compliance reviews.
• Investigate and document cybersecurity incidents and assist with incident response activities.
• Ensure audit records are collected, reviewed, retained, and documented in accordance with security requirements, including any identified anomalies.
• Verify proper implementation of system hardening standards and security configurations.
• Work with information system security engineers to ensure secure system configurations.
• Review proposed system changes and evaluate security implications.
• Validate compliance with approved configuration baselines.
• Support enforcement of least privilege and separation of duties principles.
• Provide security guidance to system users and administrators.
• Maintain accurate cybersecurity documentation and records, ensuring all IS security-related documentation is current and accessible to properly authorized individuals.
• Prepare reports and briefings for program leadership, ISSM, and government representatives.
• Support internal and external cybersecurity assessments.
• Maintain evidence required for audits and authorization activities.

Benefits

• Competitive salaries
• Health benefits
• Flexible work arrangements
• Ongoing learning and development opportunities
• Relocation Assistance Package