Senior Information System Security Officer

The MITRE Corporation, McLean, VA
67d · Onsite

About The Position

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges, and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day, working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership. If this sounds like the choice you want to make, then choose MITRE and make a difference with us.

Department Summary: The Cybersecurity Risk Management Department (R311) within the Global Security Services Division (R300) is looking to fill a Senior Information Systems Security Officer position, with a focus on classified environments. The selected candidate will support multiple sponsors by providing Information Assurance and Cybersecurity services specifically for classified systems. The ideal candidate will thrive in a fast-paced, collaborative environment, working with cutting-edge technology and contributing to advanced security concepts in classified settings. We seek a proactive individual to lead efforts in integrating security into large engineering projects and acquisition initiatives. Success in this role requires expertise in a wide range of cybersecurity topics, including strategy, planning, policies, procedures, governance, management, protection, detection, mitigation, and cyber and military operations.

Strong verbal and written communication skills are essential for presenting findings, making actionable recommendations, and sharing innovative ideas with Senior Government Sponsors. The selected candidate will be responsible for protecting information systems, networks, and computers from security threats. The candidate will perform tasks such as ensuring cybersecurity is baked into the design of new/existing operational environments and performing security authorization activities in compliance with Risk Management Framework (RMF) policies and procedures, including System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and the Security Controls Traceability Matrix (SCTM). As the senior ISSO, the candidate will maintain operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed. The candidate will perform vulnerability/risk assessment analysis to support Assessment & Authorization (A&A), provide configuration management (CM) expertise for information system security software, hardware, and firmware, and coordinate with Systems & Networks engineers and other stakeholders to ensure fully developed requests are vetted prior to Change Control Board (CCB) meetings. The candidate will also mentor and train junior ISSOs and consult with other MITRE departments on cybersecurity concerns.

Requirements

  • Typically requires a minimum of 5 years of related experience with a B.S. in Computer Science; or 3 years and a Master's degree; or a PhD; or equivalent combination of related education and work experience.
  • Active Top Secret clearance with SCI eligibility. Ability to obtain and maintain a Counterintelligence Polygraph (CI Poly).
  • Experience implementing RMF, NIST SP 800-53, J-SIG, STIGs, and SCAP Compliance Checker.
  • Experience supporting Sensitive Compartmented Information (SCI) and/or Special Access Program (SAP) systems/projects.
  • Experience with tools such as Tenable Nessus, SolarWinds SEM, ACAS, ESS, Trellix AV, PDQ Inventory/Deploy, Splunk.
  • Hands-on experience with tools like eMASS, XACTA, and/or ServiceNow (SNOW).
  • Knowledge of classified infrastructure and the A&A process.
  • Ability to communicate complex technical concepts clearly to both technical and non-technical audiences.
  • Must meet DoD 8570.01-M IAM Level III requirements.
  • This position requires working on-site 5 days a week.

Nice To Haves

  • Experience leading cybersecurity initiatives in classified environments.
  • Knowledge of emerging IT and cybersecurity technologies.
  • Proven ability to advise senior leadership on risk levels, security posture, and policy changes.
  • Previous experience operating as a SCI/SAP ISSO, ISSE, System Administrator, or ISSM.
  • Strong analytical and problem-solving skills, with the ability to develop innovative solutions.
  • Experience mentoring junior staff and fostering a collaborative team environment.
  • Familiarity with insider threat programs and strategies for mitigating insider risks.
  • Expertise in conducting cybersecurity inspections, audits, and self-assessments.

Responsibilities

  • Lead the design and implementation of cybersecurity measures for classified systems, ensuring security is embedded throughout the system lifecycle.
  • Manage the Risk Management Framework (RMF) process, including creating and maintaining System Security Plans (SSPs), Risk Assessment Reports, Plans of Action and Milestones (POA&Ms), and other security documentation.
  • Serve as the Senior Information Systems Security Officer (ISSO), maintaining operational security posture and ensuring compliance with policies, standards, and procedures.
  • Conduct vulnerability assessments, risk analysis, and continuous monitoring activities to strengthen the cybersecurity posture of classified environments.
  • Collaborate with system administrators, engineers, and stakeholders to mitigate risks and implement best practices.
  • Mentor and develop junior cybersecurity staff, fostering a culture of excellence and innovation.
  • Work alongside the ISSM to ensure classified systems obtain and remain authorized/accredited throughout the life cycle of the classified system.
  • Report system security activities, statuses, progress, issues, roadblocks, and obstacles to the ISSM.
  • Provide subject matter expertise to internal and external partners, supporting the security of advanced technologies.
  • Respond to cybersecurity assessments, improve risk ratings, and develop strategic plans for compliance.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Industry: Administrative and Support Services
  • Number of Employees: 5,001-10,000 employees
