ISSO, Mid-Level

UIC Alaska•Vandenberg SFB, CA

About The Position

Overview Delta Solutions and Services Bowhead is seeking a Mid-Level ISSO for our team at Vandenberg SFB. The Information Systems Security Officer (ISSO) is responsible for implementing, maintaining, and continuously improving cybersecurity controls for assigned information systems in accordance with DoD, Air Force, and NIST Risk Management Framework (RMF) requirements. The ISSO ensures that all systems remain secure, compliant, and operational across all classification levels through proactive management of security artifacts, RMF authorization support, and ongoing vulnerability and compliance monitoring. In addition to RMF responsibilities, the ISSO performs Communications Security (COMPUSEC) and TEMPEST functions, including emission security evaluations, classified processing compliance, and controlled media handling. This position is critical to ensuring S4S maintains a secure cyber environment, sustained authorization, and readiness for audits and inspections. The position provides day-to-day cybersecurity and information assurance support for Collateral, Sensitive Compartmented Information (SCI), and Special Access Program (SAP) environments.

Requirements

Minimum of 2–5 years of related experience supporting RMF authorization packages, continuous monitoring, and cybersecurity compliance for DoD systems.
Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field; or equivalent combination of education and experience (4 years).
Must meet position and certification requirements outlined in DoD 8140 for the Information System Security Manager role (Intermediate Level) within six months of hire.
Must be familiar with RMF tools and workflows such as eMASS, Xacta, and ACAS.
Must possess a strong understanding of COMPUSEC and TEMPEST policies, DoDI 8500.01, CNSSI 1253, and related DoD guidance.
Ability to coordinate with multiple stakeholders to ensure cyber readiness across Collateral, SCI, and SAP environments.
Ability to provide surge and after-hours support during inspections, exercises, or real-world cyber events.
Must currently hold an active TS/SCI clearance.

Responsibilities

Assist in the preparation, submission, and maintenance of RMF Authorization packages (Assessment & Authorization – A&A) for S4S systems.
Develop and maintain all required cybersecurity documentation, to include System Security Plans (SSPs), procedures, diagrams, Plans of Action and Milestones (POA&Ms), and associated body-of-evidence artifacts.
Track and manage system authorization timelines and accreditation status to ensure uninterrupted Authority to Operate (ATO) or Interim Authorization to Test (IATT).
Conduct, document, and report results of cybersecurity self-inspections, vulnerability scans, and control tests to support continuous monitoring requirements.
Maintain and update audit logs, system access control lists, and incident reports in accordance with DoD and Air Force cybersecurity policy.
Track and report POA&M items, ensuring timely remediation of vulnerabilities and documentation of risk acceptance where applicable.
Maintain inspection readiness and provide direct support to cybersecurity inspections, Command Cyber Readiness Inspections (CCRIs), and Staff Assistance Visits (SAVs).
Ensure implementation and enforcement of administrative, procedural, and technical security controls in accordance with NIST SP 800-53 and related DoD guidance.
Coordinate with system administrators to maintain secure system baselines, verify proper patching, and validate STIG compliance.
Perform security risk assessments for system modifications, upgrades, integrations, and software deployments.
Assist in developing and delivering system-specific security briefings, user guides, and operational best practices to authorized users.
Support cybersecurity incident detection, triage, and response efforts in coordination with the Cybersecurity Service Provider (CSSP) and the Information System Security Manager (ISSM).
Prepare risk reports, status updates, and leadership briefings summarizing system cyber health, compliance metrics, and residual risk posture.
Liaise between system owners, administrators, cybersecurity teams, and external assessors to ensure consistent understanding and application of RMF controls.
Integrate cybersecurity considerations into system engineering, sustainment, and lifecycle management activities.
Represent cybersecurity equities during design reviews, planning boards, and operational or acquisition meetings.
Ensure systems and networks are operated, maintained, and disposed of in accordance with applicable cybersecurity and records management policies.
Ensure all system users complete required initial, recurring, and role-based cybersecurity training.
Conduct face-to-face or virtual security training and awareness sessions, documenting attendance and compliance.
Report, investigate, and document cybersecurity incidents in accordance with established incident response procedures.
Ensure compliance with COMPUSEC policies, including media marking, transfer, encryption, and destruction procedures.
Conduct TEMPEST risk assessments, ensuring compliance with DoD emission security policies and facility accreditations.
Coordinate or conduct TEMPEST inspections of facilities, equipment, and cabling to ensure compliance with CTTA-issued standards.
Maintain TEMPEST accreditation packages and verify that mitigation controls are implemented for identified vulnerabilities.
Liaise with Certified TEMPEST Technical Authorities (CTTAs) and ensure compliance with all emission security and classified processing requirements.
Support cybersecurity contingency planning, including exercises and real-world event response activities.
Support users and assist with the coordination and completion of paperwork required to resolve negligent discharge of classified information incidents and events.
Provide after-hours support as required to maintain system availability, mission continuity, and cyber defense posture.
Other duties as assigned.