Information Systems Security Officer (ISSO)

About The Position

Requirements

• Bachelor’s degree in cybersecurity, computer science, information assurance, or a related field
• 5-15 years of experience in information systems security, cybersecurity, or related fields
• Hands-on experience with the JSIG and AFIC TS/SCI ATO development process
• 8570/8140 IAT Level 1 certification minimum
• Knowledge of Security Frameworks: NIST 800-53 Risk Management Framework (RMF), FISMA, and DoD security controls
• Experience with examining and understanding security documentation for system hardware and software, to include a System Security Plan (SSP), a Plan of Action and Milestones (POA&M), equipment specifications, practices, and procedures including assessment of controls and artifacts to verify the system is ATO ready
• Ability to assist in the execution of the Incident Response Plan, specifically in Data Spillage Cleanup
• Willingness to prepare the weekly, monthly, quarterly, bi-annual, and annual ConMon reports to push towards a perpetual ATO
• Ability to recommend software packages for use in secure spaces
• Technical Skills: Expertise in SIEM tools, vulnerability scanning, encryption, and secure network architecture, and demonstrated hands-on ATO development for SAP ATOs, AFIC ATOs, and unclassified ATOs
• Ability to create professional reports for system owners and technical staff that accurately describe test events and results for highly complex requirements
• Must be a U.S. citizen with an active U.S. Government security clearance

Nice To Haves

• Master’s degree in cybersecurity, computer science, information assurance, or a related field
• Certifications: DoD 8570/8140 IAM Level 3 i.e. CISSP, CISM, CISA, CGRC, or equivalent
• Ability to understand, explain, and mitigate non-implemented controls
• Familiarity with various interconnection agreements and memorandums of understanding
• Detailed understanding of customer-centric RMF workflows and the ability to articulate that knowledge to internal and external customers
• In-depth understanding of network topologies, protocols, hardware (switches, routers, etc.) and hardening techniques
• Knowledge of the complex network environments involving shared networks and multiple security enclaves
• Displays in-depth understanding of cybersecurity policies and procedures for government sector information systems
• Hands-on experience with eMASS and Xacta ATO submission process
• Demonstrated ability to bridge technical implementations (i.e., developer talk) into commonly understood security words
• Technical knowledge and experience to implement cybersecurity policies and procedures
• Experience working with System Administrators, Developers, and Systems Engineers
• Familiarity with developing and maintaining system security documentation
• Ability to work under limited supervision

Responsibilities

• Ensures information systems comply with NIST 800-53, RMF, and other security frameworks
• Conducts risk assessments, vulnerability management, and mitigation planning
• Performs audit log reduction and analysis as well as SIEM tuning and configuration
• Maintains Authority to Operate (ATO) requirements for classified systems
• Oversees security operations, threat analysis, and intrusion detection
• Develops and executes incident response plans to protect sensitive data
• Implements continuous monitoring strategies to proactively identify threats
• Develops security policies, procedures, and guidelines in alignment with DoD regulations
• Ensures thorough audit readiness and proper documentation of security controls
• Manages security training programs to promote best practices
• Works closely with program teams, IT, and security personnel to strengthen SDL’s cybersecurity posture
• Serves as a trusted advisor for leadership on emerging threats and risk management strategies
• Leads security assessments and interfaces with Government agencies (e.g., DoD entities)

Benefits

• SDL offers competitive salaries and a comprehensive benefits package.
• Visit our Benefits Page to learn more about what we offer.