Information Systems Security Officer (ISSO)

About The Position

Requirements

• U.S. Citizen.
• Minimum of current active Secret clearance to start, with the ability to obtain and maintain a Top Secret / SCI clearance.
• Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or an equivalent certification following the Cyber Workforce (CWF) qualification matrices outlined in DoD 8140.
• A minimum of 5 years of relevant experience, or an equivalent combination of related training and experience, is required.
• Risk Management Framework, NIST Standards, Vulnerability Assessment Tools (ex: ACAS, Nessus Scanner), Monitoring Tools (ex: HBSS, ESS, MDE/MDI) Security Technical Implementation Guides, Incident Response, Public Key Infrastructure.

Nice To Haves

• Prior experience with IT/OT systems and professional cybersecurity experience is preferred.

Responsibilities

• Responsible for hands-on implementation and maintenance of cybersecurity posture for Naval Research Laboratory information systems.
• Support the full lifecycle of the Risk Management Framework (RMF) process by assisting with the development of documentation, conducting risk and vulnerability assessments, and ensuring security controls are effectively implemented and maintained in compliance with Navy/DOW standards.
• Serve as a team member in maintaining the system's Authorizations, actively managing continuous monitoring activities, and ensuring the confidentiality, integrity, and availability of data under the guidance of the NRL C-ISSM.
• Actively involved in the day-to-day security operations and incident response. This includes analyzing results from vulnerability scanning tools (ACAS), interpreting Security Technical Implementation Guides (STIGs) to apply necessary configurations, and tracking remediation efforts through Plans of Action & Milestones (POA&Ms).
• Participate directly in security incident response and reporting activities.
• Support the command's classified material management by assisting in the Designated Transfer Authority (DTA) program, as needed. This includes auditing classified data, ensuring compliance with security regulations, and maintaining meticulous, audit-ready logs.
• May also act as a Local Registration Authority (LRA), supporting the command’s Public Key Infrastructure (PKI) program by maintaining and auditing detailed records for the SIPR PKI token program.
• Actively participate in the system's Configuration Control Board (CCB). The ISSO's role is to review and track proposed changes to the system's hardware, software, or configuration to ensure they do not negatively impact the authorized security posture.

Benefits

• KBR offers a selection of competitive lifestyle benefits which could include a 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule.
• We support career advancement through professional training and development.