Information Systems Security Officer (ISSO)

About The Position

Requirements

• Strong understanding of DoD cybersecurity regulations, standards, and tools.
• Experience with RMF, vulnerability management, system hardening, and secure coding practices.
• Excellent communication and coordination skills across functional teams.
• Ability to assess, document, and mitigate cybersecurity risks in complex environments.
• U.S. Citizenship and active Top Secret/SCI clearance.
• It is essential the candidate has worked with accrediting special access required information systems as the nuances between it and collateral systems differ.
• DoDM 8140.03 Work Role Code 722 (Information Systems Security Manager), Intermediate Level.
• At least 5 years of experience supporting the full cybersecurity life cycle for DoD systems.
• At least 5 years of progressively complex experience in developing, integrating, and implementing cybersecurity and program protection standards for networks, computing environments, and application development.
• Hold at least one of the following: Security+, SSCP, GSEC, Cloud+, CGRC (CAP), CCSP, CASP+, CCISO and supported with required continuing education since issuance.

Nice To Haves

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Information Systems, Data Science, or Software Engineering.
• Candidates possessing advanced certifications to meet Information Assurance Technical Level 3 certifications (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP) will be given preference.
• Experience with ATO packages, RMF documentation, vulnerability assessments, and continuous monitoring.
• Familiarity with DoD cyber compliance tools such as ACAS, eMASS, and HBSS.
• Experience with securing custom application development environments and DevSecOps practices.

Responsibilities

• Producing, developing, and maintaining all security authorization documentation—to include the System Security Plan (SSP), Plan of Action and Milestones (POA&M), Security Assessment Plan, and other artifacts required for the Security Authorization Package.
• Preparing and submitting the complete package to the Authorizing Official (AO) through the Security Control Assessor (SCA).
• Support Information Systems Security Managers (ISSMs) in executing cybersecurity responsibilities across assigned systems.
• Implement and enforce DoD cybersecurity policies and procedures for Information Systems (IS) and Platform IT (PIT) systems.
• Verify users possess the appropriate security clearances, access authorizations, and are trained in cybersecurity responsibilities before accessing DoD systems.
• Coordinate with ISSMs to initiate corrective actions or protective measures in response to cybersecurity incidents or vulnerabilities.
• Ensure proper reporting channels exist and are followed for all cybersecurity threats and events.
• Maintain up-to-date cybersecurity-related documentation and ensure accessibility to authorized users.
• Review and analyze reports from penetration tests, static code analysis, and vulnerability scans.
• Analyze network architecture, data flows, organizational charts, and personnel assignments for potential cybersecurity vulnerabilities.
• Participate in continuous improvement of system security postures and assist in securing custom-developed applications.
• Perform other duties as assigned.

Benefits

• Employee-Ownership
• Our Culture
• Our Values
• Continued success depends on it!