IS/IT Subject Matter Expert Level V - Assessment and Authorizati

Information Systems Solutions (ISS) is looking for an IS/IT Subject Matter Expert Level V to support the JS J7 Joint Training DevSecOps pipeline core infrastructure and data center in Suffolk, VA. The selected candidate will be responsible for supporting the Deputy Directorate, Joint Training (DDJT) for Assessment and Authorization (A&A) accreditation efforts.

This role is 100% onsite.

Why Work For ISS?

At ISS we pride ourselves on providing an employee-focused and family first environment. Being a small business, we take the time to get to know our employees and have a vested interest in helping them achieve their career goals. We work to schedule regular social gatherings within the company to foster camaraderie. ISS values their employees by providing a comprehensive benefits package that includes a fully vested 401(k) matching program, coverage of family medical deductibles, spot bonuses, and educational assistance to further your career.

Clearance Level

TS/SCI clearance

Certifications (IAT Level III)

One of the following:

• CompTIA Advanced Security Practitioner (CASP CE)
• Cisco Certified Network Professional Security (CCNP Security)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• GIAC Certified Enterprise Defender (GCED)
• GIAC Certified Incident Handler (GCIH

Functional area training certificates (required prior to start date):

• DISA eMASS Computer Based Training
• Annual Cyber Awareness Training

Required Skills and Experience

• A Master's of Cybersecurity or related degree, or 10 years of experience in cybersecurity analysis with an understanding of applicable laws, acts, policies, protocols, and regulations.
• At least 5 years of experience related to DoD cybersecurity policies, procedures, and related directives including Task Orders, Executive Orders, Operational Orders, OPSEC, OSINT, etc.

Key Responsibilities

• Serve as the primary Subject Matter Expert (SME) for all aspects of the Assessment and Authorization process in accordance with the DoD Risk Management Framework (RMF) model.
• Lead the effort utilizing Enterprise Mission Assurance Support Service (eMASS) to document activities, including implementation of all applicable security controls as identified via information system security categorization in accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and Committee on National Security Systems Instructions (CNSSI) 1253.
• Test and apply security controls based on security categorization, the application of overlays (privacy, classified, intel, etc.) and security control tailoring (AI, NOFORN, etc.).
• Collaboration with team leads, system owners, developers, and other key stakeholders to ensure security requirements are integrated throughout system design and implementation.
• Conduct active and passive reconnaissance of data, with the ability to assess and author Plans of Milestones and Actions (POA&Ms) containing accurate and verifiable mitigation statements, milestone tracking, and applying to the most relevant security control.
• Development of comprehensive required A&A documentation, including System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Reports (SARs), etc.
• Adherence to the eMASS scheduled tasking within the accreditation cycle, including Quarterly Independent Verification and Validation (IV&V), quarterly STIG checks, Annual Security Review (ASR), monthly POA&M updates, and resubmission for ATO, ATC, IATC and IATT as applicable.
• Maintenance of DISA circuit connections (CCSDs), inheritance from accredited systems and cloud service providers, and the workflow schedule on accreditations.