Information Systems Security Officer (ISSO) - Senior

Modern Technology Solutions Inc•Dayton, OH

36d•Hybrid

About The Position

Modern Technology Solutions Inc. is seeking a highly experienced Information Systems Security Officer (ISSO) to lead cybersecurity efforts for an AFLCMC program office. This role focuses on ensuring compliance with laws, regulations, and security requirements while implementing strategic and technical cybersecurity solutions. Responsibilities include assessing system confidentiality, integrity, and availability, evaluating threats and vulnerabilities, developing Plans of Action and Milestones (POA&M), and submitting authorization packages. Additionally, the ISSO will collaborate with development teams to design, integrate, and enhance information systems while recommending mitigation strategies for emerging security challenges. The ideal candidate will bring expertise in the Risk Management Framework (RMF), system administration, and program management. This hybrid position requires managing systems at the Secret, SCI, and SAP levels while balancing strategic governance and hands-on technical maintenance. The candidate must effectively engage with stakeholders ranging from end-users to Authorizing Officials (AO) while maintaining a resilient cybersecurity posture in response to evolving threats.

Requirements

Must be a U.S. Citizen
Active Top-Secret Security Clearance with ability to obtain SCI
Certifications required: COMPTIA Security + / CISSP
A Master of Arts/Master of Science/Master of Engineering MA/MS/ME degree
Years of experience may be considered in lieu of a masters degree
Have no less than three (3) years’ experience in a Special Access Program (SAP) and/or Sensitive Compartmented Information (SCI) environment within the last five (5) years
Possess minimum of 10 years of relevant work experience
Minimum of 2-5 years of experience in ISSO roles
Proficiency in using security tools and technologies, such as firewalls, intrusion detection/prevention systems, SIEM, and endpoint protection.
Knowledge of network security, application security, and endpoint security principles.
Understanding of operating systems (Windows, Linux, etc.) and their security configurations.
Familiarity with cloud security best practices
Familiarity with RMF process
Experience with Spunk or other similar applications
Experience with security compliance and regulatory requirements.
Strong analytical and problem-solving abilities.
Capability to analyze complex security issues and develop practical solutions.
Excellent written and verbal communication skills.
Ability to effectively communicate technical information to non-technical stakeholders
Experience working in a DoD program or product acquisition office or environment
Proficiency with Windows, Linux, and/or VMware administration.
Knowledge of network security principles and tools.
Experience with DISA STIG implementation, RMF compliance processes, and vulnerability assessment tools (Nessus, Splunk, HBSS).

Nice To Haves

DESIRED AWS certification (e.g., AWS Solutions Architect Associate or Professional)
In-depth experience supporting government environments, especially within the DoD.
Advanced scripting skills for task automation (e.g., PowerShell, Python).
Ability to multitask, prioritize, and manage time efficiently
Experience working in a DoD program or product acquisition office or environment

Responsibilities

Security Policy Implementation: Develop, implement, and enforce security policies, standards, and procedures to ensure the protection of information systems.
Configuration Management: Ensure that all information systems are configured securely according to organizational policies and best practices.
System Patching: Perform system patching in response to IAVAs and other security findings and requirements
Risk Management: Conduct risk assessments to identify and mitigate potential security threats. Assess the impact of changes in the IT environment and update the risk management framework accordingly.
Security Compliance: Ensure that information systems comply with relevant government and industry standards, such as NIST, FISMA, and DoD regulations. Prepare and maintain documentation to demonstrate compliance.
Continuous Monitoring: Implement continuous monitoring processes to detect and respond to security vulnerabilities and threats. Utilize tools like SIEM (Security Information and Event Management) to monitor system activities.
Security Audits: Conduct regular security audits and assessments to evaluate the effectiveness of security measures and identify areas for improvement.
Collaboration: Work closely with other IT and security professionals to ensure a coordinated approach to cybersecurity. Liaise with external stakeholders, such as auditors and regulatory bodies, as needed.
Documentation: Maintain comprehensive documentation of security policies, procedures, and measures taken to secure information systems. Prepare reports for management on security status and incidents.
Security Enhancements: Recommend and implement security enhancements to improve the overall security posture of the organization. Stay updated with the latest security trends and technologies.
Oversee the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific job.