ISSO 1

Koniag Government Services, LLC

About The Position

Koniag IT Systems, LLC a Koniag Government Services company, is seeking Information System Security Officer (ISSO) 1 with a Top- Secret security clearance to support KITS and our government customer in New Mexico, NM. Will also consider candidates in DC, Maryland, and Las Vegas. We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more. Koniag Data Solutions is seeking an experienced Information System Security Officer (ISSO) to support our cybersecurity efforts for the Department of Energy's National Nuclear Security Administration (DOE NNSA). The ideal candidate will have demonstrated experience with security authorization processes, risk management, and compliance with federal cybersecurity requirements. This position requires a professional who can effectively manage system security documentation and processes while working within the Risk Management Framework (RMF). Candidates must be eligible for the appropriate security clearance. Essential Functions, Responsibilities & Duties may include, but are not limited to: The ISSO will be responsible for managing system, application, and hardware authorization activities to ensure cybersecurity requirements are properly implemented. Principal responsibilities include: Authorization Activities: Manage and develop systems, application, and hardware authorization documentation including Information System Security Plans (ISSPs), Risk Assessments, and Security Baselines Ensure authorization activities are completed in a timely and accurate manner for both initial authorization and re-authorization processes Develop comprehensive authorization packages independently and submit them to the ISSM for review Prepare authorization packages for submission to the Authorizing Official (AO) or Authorizing Official Designated Representative (AODR) for review and approval Apply the Risk Management Framework (RMF) methodology consistently across assigned systems Maintenance Activities: Maintain knowledge of AO-approved risk boundaries and risk tolerance levels Update authorization documentation according to organizationally defined schedules in accordance with risk management objectives Conduct continuous monitoring activities for assigned systems Track security control implementation and effectiveness Document system changes and assess their impact on security posture General Support and Management: Work within established authorization boundaries and ensure operations adhere to approved parameters Support transparent decision-making processes that align with AO requirements Assist with the onboarding and termination processes for contractor personnel Ensure work products and deliverables meet Enterprise Cybersecurity Program requirements and quality standards Provide technical support at meetings, briefings, and presentations Collaborate effectively with other contractors supporting NA-IM and NNSA Mentor junior security personnel in authorization processes and documentation

Requirements

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
1-3 years of experience in cybersecurity or information security
1+ years of experience with RMF or similar security authorization frameworks
Experience developing and maintaining security documentation including ISSPs, Risk Assessments, and Security Baselines
Experience working with federal agencies, preferably DOE, NNSA, or Department of Defense
Training that meets or is progressing toward NNSA and/or DoD 8140 requirements
Strong knowledge of the NIST Risk Management Framework (RMF)
Understanding of federal cybersecurity regulations, policies, and standards
Proficiency with security authorization documentation and processes
Experience with risk assessment methodologies and practices
Knowledge of security control implementation and assessment
Strong project management skills with ability to manage multiple tasks simultaneously
Excellent documentation skills and attention to detail
Strong written and verbal communication skills
Experience with continuous monitoring and ongoing authorization processes
Knowledge of incident management and reporting requirements
Understanding of NIST SP 800-53 security controls
Ability to obtain and maintain required security clearance
Experience with system security planning and documentation
Knowledge of vulnerability management processes
Ability to work collaboratively in team environments
Top Secret security clearance / Q

Nice To Haves

Certifications such as Security+, CISSP, CAP, or equivalent
Experience specifically with DOE NNSA cybersecurity requirements
Experience with Archer or similar authorization management systems
Knowledge of FISMA compliance requirements
Experience with security testing and evaluation
Familiarity with supply chain risk management
Experience presenting cybersecurity concepts to management
Knowledge of system hardening techniques and practices
Experience with security architecture review
Understanding of cloud security principles
Experience with security incident handling
Knowledge of secure coding practices
Familiarity with privacy requirements and documentation

Responsibilities

Manage and develop systems, application, and hardware authorization documentation including Information System Security Plans (ISSPs), Risk Assessments, and Security Baselines
Ensure authorization activities are completed in a timely and accurate manner for both initial authorization and re-authorization processes
Develop comprehensive authorization packages independently and submit them to the ISSM for review
Prepare authorization packages for submission to the Authorizing Official (AO) or Authorizing Official Designated Representative (AODR) for review and approval
Apply the Risk Management Framework (RMF) methodology consistently across assigned systems
Maintain knowledge of AO-approved risk boundaries and risk tolerance levels
Update authorization documentation according to organizationally defined schedules in accordance with risk management objectives
Conduct continuous monitoring activities for assigned systems
Track security control implementation and effectiveness
Document system changes and assess their impact on security posture
Work within established authorization boundaries and ensure operations adhere to approved parameters
Support transparent decision-making processes that align with AO requirements
Assist with the onboarding and termination processes for contractor personnel
Ensure work products and deliverables meet Enterprise Cybersecurity Program requirements and quality standards
Provide technical support at meetings, briefings, and presentations
Collaborate effectively with other contractors supporting NA-IM and NNSA
Mentor junior security personnel in authorization processes and documentation