Information Systems Security Officer (ISSO)

About The Position

Requirements

• Strong understanding of DoD cybersecurity regulations, standards, and tools.
• Experience with RMF, vulnerability management, system hardening, and secure coding practices.
• Excellent communication and coordination skills across functional teams.
• Ability to assess, document, and mitigate cybersecurity risks in complex environments.
• U.S. Citizenship with active Top Secret with SCI eligibility.
• At least 5 years of experience supporting the full cybersecurity life cycle for DoD systems.
• At least 5 years of progressively complex experience in developing, integrating, and implementing cybersecurity and program protection standards for networks, computing environments, and application development.
• Experience with ATO packages, RMF documentation, vulnerability assessments, and continuous monitoring.
• Familiarity with DoD cyber compliance tools such as ACAS, eMASS, and HBSS.
• DoDI 8570 IAM Level II certification standards (CCNA-Security, CySA+ (CSIS), GICSP, GSEC, Security+ CE, CND, or SSCP).

Nice To Haves

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Information Systems, Data Science, or Software Engineering.
• Experience with securing custom application development environments and DevSecOps practices.

Responsibilities

• Support Information Systems Security Managers (ISSMs) in executing cybersecurity responsibilities across assigned systems.
• Implement and enforce DoD cybersecurity policies and procedures for Information Systems (IS) and Platform IT (PIT) systems.
• Coordinate with ISSMs to initiate corrective actions or protective measures in response to cybersecurity incidents or vulnerabilities.
• Maintain up-to-date cybersecurity-related documentation and ensure accessibility to authorized users.
• Review and analyze reports from penetration tests, static code analysis, and vulnerability scans.
• Analyze network architecture, data flows, organizational charts, and personnel assignments for potential cybersecurity vulnerabilities.
• Participate in continuous improvement of system security postures and assist in securing custom-developed applications.
• Implementation of System Security Plans (SSP), Standard Operating Procedures (SOP), information security policies and the development of information system artifacts, as necessary, to ensure compliance with RMF guidelines.