Information System Security Officer (ISSO)

About The Position

Requirements

• Active TS/SCI clearance with CI Polygraph
• At least five (5) years of experience in information security roles, with specific expertise supporting classified networks
• Current CISSP, CISM, or equivalent cybersecurity certification
• Demonstrated knowledge of US Government cybersecurity frameworks and standards
• Hands-on experience with on-premise web-based applications in secure, virtualized environments

Nice To Haves

• Bachelor's degree

Responsibilities

• Develop, implement, and maintain the System Security Plan (SSP) and related authorization documentation for RM-Online, including continuous monitoring plans and incident response procedures.
• Conduct regular risk assessments, vulnerability scans, and security control assessments to identify and remediate threats to classified information handled by the system.
• Coordinate with ITD Lead on Certification and Accreditation (C&A) processes to achieve and sustain Authority to Operate (ATO) status on USG mission network.
• Manage user access controls, authentication mechanisms, and audit logging aligned with USG mission network protocols, ensuring least privilege and role-based access.
• Respond to security incidents, perform root cause analysis, and implement corrective actions within established timelines (e.g., 24-72 hours for critical incidents).
• Provide security awareness training to system users and maintain compliance with USG security standards, including handling of classified data.
• Support system updates, patches, and enhancements by evaluating their impact on security controls and integrating them without compromising the USG mission network environment.
• Design and implement technical security architectures for RM-Online, ensuring secure integration with the agency's existing USG mission network infrastructure, including network segmentation, encryption protocols, and access control mechanisms.
• Engineer and configure security controls (technical, operational, and management) as documented in the System Security Plan (SSP), ensuring alignment with NIST 800-53 baseline requirements and agency-specific security policies.
• Conduct security engineering assessments during system development, deployment, and modification phases, identifying vulnerabilities and recommending mitigations prior to operational deployment.
• Collaborate with development teams to incorporate security requirements into the Software Development Lifecycle (SDLC), including secure coding practices, threat modeling, and security testing (e.g., penetration testing, code reviews).
• Implement and maintain cryptographic solutions, Public Key Infrastructure (PKI), and encryption standards for data at rest and data in transit within the classified environment.
• Evaluate and integrate security patches, updates, and system changes, ensuring they do not introduce new vulnerabilities or degrade existing security posture.
• Support the Certification and Accreditation (C&A) process by providing technical documentation, security test results, and remediation plans to achieve and sustain Authority to Operate (ATO) on USG mission network.
• Monitor and analyze system logs, intrusion detection/prevention system (IDS/IPS) alerts, and security events to identify anomalies, investigate potential breaches, and recommend corrective actions.
• Deliver technical security training and knowledge transfer to system administrators and end users as required to maintain operational security awareness.

Benefits

• flexible time off
• robust learning resources
• comprehensive benefits
• healthcare
• wellness
• financial
• retirement
• family support
• continuing education
• time off benefits