Information Systems Security Officer (ISSO)

About The Position

Requirements

• Must be a U.S. citizen with an active (or previous) TS clearance
• 3+ years of experience in information systems security within IC, SAP, or other highly classified environments
• DoD 8570/8140 compliant – IAT Level II and IAM Level II (or higher) required at time of hire
• Bachelor’s degree in cybersecurity, computer science, information assurance, or a related field (or additional 5 years of experience in lieu of a degree)
• Certifications: Security+, CySA+, GSEC, SSCP, CCSP or equivalent
• Extensive knowledge of IC and DoD security frameworks: ICDs, CNSSI, NIST 800-53, RMF, JSIG, and SAP security controls
• Experience with security documentation including SSPs, POA&Ms, SARs, ISAs, MOUs, and ATO packages
• Experience supporting SAP or SCI systems , including accreditation and lifecycle management
• Experience executing Incident Response Plans, including classified data spillage remediation
• Hands-on experience with Continuous Monitoring (CONMON) activities and reporting
• Experience using Tenable tools (ACAS) for vulnerability scanning and remediation tracking
• Experience using Splunk for log analysis and security monitoring
• Ability to produce detailed technical reports for system owners and stakeholders
• Strong technical background in vulnerability management, system hardening, and secure architectures

Nice To Haves

• Active TS/SCI clearance with a current polygraph (CI or FS)
• Master’s degree in cybersecurity, computer science, or a related field
• Certifications: CISSP, CISM, CISA, CGRC, CASP+, or equivalent
• Experience with JSIG , ICD 503, and SAP-specific RMF processes
• Familiarity with Service Now (SNOW), eMASS, XACTA, or other IC authorization tools
• Deep understanding of multi-enclave architectures, cross-domain solutions, and classified network segmentation
• Experience with interconnection agreements (ISA/MOU/MOA) in IC environments
• Ability to assess and articulate risk for non-implemented or inherited controls
• Strong understanding of network protocols, system architectures, and secure configurations in TS/SCI environments
• Ability to translate technical security concepts into mission-relevant risk language for leadership
• Experience working across multi-disciplinary teams including developers, engineers, and system administrators
• Demonstrated ability to work independently with minimal supervision in high-security environments

Responsibilities

• Ensures information systems comply with Intelligence Community Directives (ICDs), CNSSI, NIST 800-53, and the Risk Management Framework (RMF) for TS/SCI and SAP systems
• Conducts risk assessments, vulnerability management, and mitigation planning for highly classified systems
• Performs audit log review, reduction, and analysis using Splunk to support security monitoring and investigations
• Leads and executes the full Risk Management Framework (RMF) lifecycle to achieve and maintain an Authorization to Operate (ATO) for TS/SCI and SAP systems
• Oversees security operations, threat analysis, and intrusion detection in TS/SCI enclaves
• Develops and executes incident response plans, including data spill response and containment in classified environments
• Performs and manages Continuous Monitoring (CONMON) activities, including analysis of security posture, tracking of vulnerabilities, and reporting to support ongoing authorization
• Executes vulnerability scanning using Tenable tools (e.g., ACAS) and analyzes results to identify, prioritize, and remediate system vulnerabilities
• Develops and maintains security policies, procedures, and guidelines in alignment with IC, DoD SAP, and national-level security requirements
• Ensures audit readiness and proper documentation of security controls, artifacts, and assessment evidence
• Manages and maintains RMF documentation including SSPs, POA&Ms, SARs, and security control traceability
• Works closely with program managers, ISSMs, ISSEs, system administrators, and engineers to ensure secure system design and operation
• Serves as a trusted advisor to leadership on IC cybersecurity requirements, emerging threats, and risk posture
• Interfaces with Government stakeholders including Authorizing Officials (AOs), Security Control Assessors (SCAs), and IC oversight bodies

Benefits

• competitive salaries
• comprehensive benefits package