Information System Security Officer (ISSO)

Harmonia Holdings Group, LLC, Washington, DC
4d, Onsite

About The Position

Harmonia is seeking an experienced Information System Security Officer (ISSO) to support a mission-critical operations environment at the Department of State in Washington, DC. The ISSO will be responsible for ensuring compliance with government security policies and standards while providing oversight of system security, assessing risks, and implementing necessary security controls to safeguard classified systems and data. This position requires an active Top Secret clearance with SCI eligibility and U.S. citizenship. Veterans are encouraged to apply.

Requirements

  • Active Top Secret clearance with SCI eligibility is required.
  • 5 years of hands-on experience with security controls and compliance frameworks (e.g., Risk Management Framework (RMF), NIST, FISMA), developing and maintaining System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and other security documentation.
  • Strong understanding of Security Technical Implementation Guides (STIGs) and hardening of systems.
  • Strong experience as an Information System Security Officer (ISSO) or in a similar role within a SCIF or other highly secure government environment.
  • Proven ability to implement, manage, and monitor security controls, assess vulnerabilities, and mitigate security risks.
  • Hands-on experience with vulnerability management tools, SIEM solutions, and continuous monitoring technologies.
  • Familiarity with security incident response procedures, including root cause analysis and remediation.
  • Strong analytical and problem-solving skills with attention to detail.
  • Excellent communication and collaboration skills to work effectively with technical teams and senior leadership.

Nice To Haves

  • Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).
  • Experience with classified systems accreditation processes and Continuous Diagnostics and Mitigation (CDM).
  • Familiarity with security automation tools and processes.

Responsibilities

  • Implement and maintain security controls in accordance with government regulations, such as NIST 800-53, FISMA, and DoD Risk Management Framework (RMF).
  • Monitor, evaluate, and maintain the security posture of systems, ensuring compliance with Security Technical Implementation Guides (STIGs) and other relevant security requirements.
  • Develop and update System Security Plans (SSPs), Risk Assessments, Plans of Action and Milestones (POA&Ms), and other documentation to reflect the current system security state.
  • Collaborate with system administrators, network engineers, and other IT staff to identify, mitigate, and document risks associated with system vulnerabilities and security threats.
  • Ensure continuous monitoring of systems by reviewing audit logs, conducting vulnerability scans, and assessing the effectiveness of existing security controls.
  • Provide support for security assessments and accreditation processes, ensuring that security controls are properly implemented and verified.
  • Lead security control assessments and assist with audits and inspections from internal and external agencies.
  • Serve as the point of contact for all system security-related matters and provide guidance to system owners on maintaining compliance with security regulations.
  • Conduct regular security briefings and training for staff on the importance of maintaining security best practices within the SCIF environment.
  • Respond to and manage security incidents, coordinating with relevant stakeholders to perform root cause analysis and remediation.
  • Ensure that systems and networks comply with the Continuous Monitoring Program (CMP) and Incident Response Plan (IRP) for rapid detection and response to security events.

Benefits

  • Traditional and HSA-eligible medical insurance plans
  • 100% employer-paid dental and vision insurance options
  • 100% employer-sponsored STD, LTD, and life insurance
  • 5% 401(k) company matching
  • Flexible schedules and teleworking options
  • Paid holidays and PTO accrual plans
  • Paid Parental Leave
  • Professional development and career growth opportunities
  • Team and company-wide events, recognition, and appreciation, and so much more!


What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

101-250 employees
