Information Systems Security Officer (ISSO)

About The Position

Requirements

• Bachelor’s degree in cybersecurity, computer science, information assurance, or a related field
• 3+ years of experience in information security, cybersecurity, or related fields
• Knowledge of security frameworks to include NIST 800-53, RMF, and DCSA DAAG
• DoW 8570/8140 Information Assurance Technical (IAT) Level 1 certification
• Hands-on experience implementing and managing security controls on an information system
• Experience conducting security assessments, audits, and inspections
• Experience developing and maintaining security documentation (e.g., SSP, SAR, POA&M)
• Experience with vulnerability scanning tools (e.g., Nessus, Assured Compliance Assessment Solution (ACAS))
• Experience with security tools (e.g., Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), Secure Content Automated Protocol (SCAP, Splunk))
• Strong written and verbal communication skills with the ability to translate technical concepts to non-technical stakeholders
• Ability to work independently and collaboratively in a team environment
• Must be a U.S. citizen
• Must have or be able to obtain a DoW security clearance

Nice To Haves

• DoD 8570/8140 Information Assurance Management (IAM) Level 3 certifications
• Experience with configuration tools, such as Windows Server Update Services (WSUS) and Group Policy Objects (GPO)
• Familiarity with virtualization software (i.e., VMware ESXi/vSphere) and scripting languages (e.g., PowerShell, PowerCLI, Bash)
• Familiarity with interconnection security agreements and memorandums of understanding
• In-depth understanding of network topologies, protocols, hardware (e.g., switches, routers, etc.) and hardening techniques
• Hands-on experience with eMASS ATO submission process
• Experience working with system administrators, software developers, and systems engineers

Responsibilities

• Ensures information systems comply with National Institute of Standards and Technology (NIST) 800-53, Risk Management Framework (RMF), Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Guidance (DAAG), and other security frameworks
• Develops, maintains, and updates system security documentation, including System Security Plan (SSP), Security Assessment Report (SAR), and Plan of Action and Milestone (POA&M)
• Supports system Authorization to Operate (ATO) processes and continuous monitoring activities
• Conducts security control assessments, vulnerability scans, and risk analyses
• Tracks and remediates security findings and vulnerabilities in coordination with system owners and technical teams
• Performs weekly audits and participates in inspections, providing documentation and evidence as required
• Applies software/system updates and follows test procedures to verify updates did not break desired functionality
• Monitors system activity for security incidents and supports incident response efforts
• Provides guidance on secure system configuration and architecture
• Delivers security awareness and training support as needed

Benefits

• competitive salaries
• comprehensive benefits package