Senior Information System Security Officer (ISSO)

About The Position

Requirements

• Candidates must meet DoD 8140-M Advanced level (or higher) qualification requirements.
• At a minimum, CompTIA Security + CE will be required for this position. CISSP or CISM are preferred.
• Please upload copies of any relevant IT certifications you hold.
• 10 years of engineering experience, including at least 5 years in Information Assurance/Cybersecurity (IA/CS).
• Demonstrated experience implementing the Risk Management Framework (RMF) in accordance with DoDI 8510.01.
• Extensive experience applying security controls outlined in CNSSI 1253, NIST SP 800-53, and JSIG.
• Able to conduct vulnerability assessments using ACAS, DISA STIGs, and SCAP Compliance Checker with automated benchmarks.
• Proven experience implementing DISA STIG configurations across operating systems and network devices.
• In-depth knowledge of continuous monitoring, security audits, risk assessments, and mitigation planning for DoD systems.
• Experience evaluating NIAP/Common Criteria technologies and the DISA Approved Products List (APL).
• Background preparing certification letters, MOAs, and authorization documentation for system interconnections.
• Experience developing IA-related acquisition documentation.
• Familiarity with Intelligence Community Directive (ICD) 705, DoDD 5205.07, and DOD 5205.07-M Volumes 1-4.
• Comfortable mentoring and guiding more junior teammates.
• Ability to build positive, collaborative relationships across teams and with external partners.
• Effective communicator with strong verbal and written skills.
• Proactive, self-directed work style with the ability to operate independently.
• Analytical thinker with proven problem-solving capabilities.
• Highly organized, with the ability to balance competing priorities in a fast-paced environment.
• This position requires U.S. citizenship and an active DoD Top Secret clearance.
• Selected candidate will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

Nice To Haves

• CISSP or CISM are preferred.

Responsibilities

• Lead the development, implementation, and enforcement of cybersecurity policies, standards, and methodologies.
• Direct vulnerability management activities using ACAS, DISA STIGs, and SCAP Compliance Checker.
• Oversee secure configuration of operating systems and network devices in accordance with DISA STIG requirements.
• Manage continuous monitoring efforts, conduct security audits, and drive risk mitigation strategies.
• Provide subject matter expertise on NIAP/Common Criteria certifications and DISA Approved Products List (APL) compliance.
• Prepare and review authorization documentation, certification letters, and MOAs for system interconnections.
• Advise program leadership, system owners, and engineers on RMF compliance and cybersecurity best practices.

Benefits

• 100% employee-owned company
• Comprehensive benefits package, including 11 paid holidays, medical/dental/vision coverage, HSA/FSA options, disability insurance, and more!
• 401(k) with company match
• Tuition assistance for undergraduate and graduate education
• Veteran-friendly employer
• Thriving employee culture