Information System Security Officer (ISSO)

General Dynamics Information Technology
77d · $157,250 - $212,750

About The Position

We are seeking a highly skilled and multi-faceted Information System Security Officer (ISSO) for a critical contract role supporting this commercial Cloud Service Provider's mission-critical systems. The ideal candidate is a proactive and seasoned professional with extensive, hands-on experience navigating the FedRAMP, DOD Impact Level 6 (IL6), and Risk Management Framework (RMF) requirements for classified commercial cloud services and cross domain solutions. This role requires a unique blend of technical engineering prowess, security assessment and auditing skills, deep expertise in continuous monitoring, and the polish to communicate risk to executive leadership. You will be a key contributor to our Governance, Risk, and Compliance (GRC) program, supporting the Information System Security Manager (ISSM) in ensuring the unyielding security and integrity of mission-critical systems.

Requirements

  • BA/BS Degree or equivalent experience in lieu of degree.
  • 10+ years of related experience.
  • Progressive experience in information assurance and cybersecurity roles.
  • A minimum of 5 years of direct, hands-on experience as an ISSO or ISSM.
  • Must possess a current and active Top Secret clearance with Sensitive Compartmented Information (SCI) eligibility.
  • Expert-level knowledge of the complete NIST SP 800 series (especially 800-37, 800-53, 800-30) and risk management principles.
  • Must be DoD 8140 / 8570.01-M compliant.

Nice To Haves

  • A CISSP (Certified Information Systems Security Professional) is strongly preferred.
  • Hands-on experience with security and GRC tools such as ACAS (Tenable.sc/Nessus), Splunk, Grafana, ServiceNow, eMASS, and Xacta.
  • Deep understanding of network architecture, firewall configurations, and the PPSM process.
  • Understanding of Microsoft Active Directory and implementing controls via Group Policy.
  • CDS authorization processes and policies of the Intelligence Community (IC), Department of Defense (DoD), and SLED entities.

Responsibilities

  • Lead A&A Execution: Shepherd complex cloud service offerings, and Cross Domain Solutions (CDS) as needed, through the entire respective FedRAMP/DOD IL6 and RMF lifecycle to obtain and maintain the applicable authorizations.
  • Develop, author, and maintain a comprehensive body of evidence for A&A packages.
  • Take full ownership of the monthly and overall FedRAMP/DOD IL6, DOD CDS, and IC Continuous Monitoring requirements.
  • Act as the primary technical interpreter of security requirements/controls, ensuring all network solutions and system architectures strictly adhere to mandates.
  • Review system designs, network architectures, and proposed changes to ensure security principles are integrated from the ground up.
  • Work with security engineering to implement and validate security controls.
  • Proactively identify and assess vulnerabilities using tools like Tenable Nessus.
  • Conduct in-depth firewall rule reviews and analyze network architecture for security flaws.
  • Conduct comprehensive security control audits, traditional security reviews, and formal inspections.
  • Meticulously review artifacts, logs, and system configurations to ensure they provide sufficient evidence of compliance.
  • Coordinate and/or participate in security testing and penetration testing activities.
  • Design, implement, and manage a robust continuous monitoring program.
  • Leverage tools like Splunk, Grafana, eMASS, Xacta, and ServiceNow to aggregate, analyze, and report on security data.
  • Perform formal risk assessments and analysis, identifying and documenting potential threats and vulnerabilities.
  • Enable the ISSM and the incident response team with artifacts, providing in-depth system knowledge and security expertise during incident handling and analysis.

Benefits

  • Comprehensive benefits and wellness packages.
  • 401K with company match.
  • Competitive pay and paid time off.
  • Full flex work weeks where possible.
  • Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
  • Short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Senior
  • Education Level: Bachelor's degree
  • Number of Employees: 5,001-10,000 employees
