Facility Security Officer Jobs

292 jobs found — updated daily

Industrial Security Specialist III (ISSM)

General Dynamics - Bath Iron Works, Bath, ME
Onsite

About The Position

The Information System Security Manager (ISSM) is the primary cybersecurity authority for the assigned classified information system. This role is responsible for end-to-end security oversight, from system authorization to continuous monitoring, ensuring 100% compliance with DoD 8510.01 (RMF) and 32 CFR Part 117 (NISPOM). You will serve as the strategic advisor to the Facility Security Officer (FSO) and government partners, bridging the gap between technical IT operations and overarching industrial security goals.

Beyond standard oversight, this role serves as the Lead Coordinator for the architecture, build-out, and certification of the classified information system. You will be responsible for synchronizing technical engineering, physical security requirements, and government accreditation to ensure the system reaches Full Operational Capability (FOC).

This position requires you to be able to obtain a government security clearance. You must be a US Citizen for consideration, and you must be able to obtain an interim security clearance and start employment within 45 days of the interim security clearance being granted. For more information regarding the security clearance process, please visit: Investigations & Clearance Process. All offers are conditional until interim security clearance is granted by DCSA (Defense Counterintelligence and Security Agency).

Requirements

  • Ability to obtain a secret clearance or higher.
  • Minimum of 5–7 years of direct experience performing Information System Security Manager (ISSM) or Officer (ISSO) duties, specifically navigating the Risk Management Framework (RMF) steps 1–6.
  • Proven experience building and configuring secure information systems from the ground up. The candidate must possess the technical expertise to install, harden, and integrate hardware and software components within a classified environment.
  • Proven track record of managing classified systems in compliance with 32 CFR Part 117 (NISPOM), DAAG, and NIST SP 800-53 security controls.
  • Hands-on experience performing technical security assessments, including the use of ACAS/Nessus scanners and the implementation of DISA STIGs.
  • Experience authoring and maintaining critical security documentation, including System Security Plans (SSP), Plans of Action and Milestones (POA&M), and Security Assessment Reports (SAR).
  • Experience managing and auditing privileged users and ensuring the integrity of automated audit logs and system accounting.
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related technical field. (Equivalent professional experience may be considered in lieu of a degree).
  • Minimum of 4–6 years of experience in Information Assurance (IA) or Cybersecurity, with specific experience managing systems under the Risk Management Framework (RMF).
  • Demonstrated expertise in NIST SP 800-53, 32 CFR Part 117 (NISPOM), and Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Guide (DAAG).
  • IAM Level II or III: Must possess a current, baseline certification in good standing. Valid certifications include: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CGRC / CAP (Certified in Governance, Risk, and Compliance), CASP+ (CompTIA Advanced Security Practitioner)

Nice To Haves

  • Advanced proficiency with the Enterprise Mission Assurance Support Service (eMASS) or Xacta for system authorization tracking.
  • Previous experience leading a facility through a DCSA Security Review or a government Command Cyber Readiness Inspection (CCRI).

Responsibilities

  • Ensure consistent departmental safety standards and procedures across facilities.
  • Address systemic safety concerns and implement standardized solutions.
  • Perform Security Impact Analysis for all proposed system modifications to ensure they do not negatively affect the authorized security posture.
  • Develop and maintain comprehensive System Security Plans (SSP), Risk Assessment Reports (RAR), and Security Control Traceability Matrices (SCTM) within eMASS.
  • Oversee technical security scans using ACAS/Nessus and ensure all hardware and software adhere to DISA STIGs (Security Technical Implementation Guides).
  • Assist with investigations into security violations, malicious activity, or classified data spills, coordinating directly with the FSO and relevant government agencies.
  • Orchestrate the Assessment and Authorization (A&A) lifecycle for a classified information system, serving as the primary technical advisor to the Authorizing Official (AO).
  • Manage the lifecycle of Plans of Action and Milestones (POA&Ms), ensuring all findings are tracked, mitigated, and reported through official government channels.
  • Develop and deliver annual security awareness training and specialized briefings for privileged and general users.
  • Partner with the Facility Security Officer (FSO) to provide guidance on general security issues.
  • Maintain audit-ready records and lead preparations for government security reviews.
  • Other assigned duties by the FSO related to any responsibility of BIW’s Industrial Security program.
  • Implement a robust Continuous Monitoring (CONMON) strategy to detect unauthorized changes or anomalies in the authorized security baseline.
  • Ensure automated audit trails are collected and reviewed.
