Posted today
Intel Agency (NSA, CIA, FBI, etc)
Senior Level Career (10+ yrs experience)
Unspecified
Full Scope Polygraph
IT - Security
Washington, DC (On/Off-Site)
Information Systems Security Officer (ISSO)
Clearance Requirements: TS/SCI with CI Polygraph. Investigation or CV date within 5 years
Location: Washington, DC – DIA HQ
We are seeking an experienced ISSO to support the security lifecycle of complex DoD and IC information systems. This role is responsible for enforcing system security controls, maintaining RMF documentation, supporting ATO packages, performing incident response, and ensuring continuous monitoring across networked and standalone environments. The position will work closely with ISSMs, SCAs, administrators, and developers to maintain compliance, strengthen security posture, and ensure systems remain protected against evolving threats.
Duties and Responsibilities:
System Security Management:
• Experience with security tools and technologies such as vulnerability scanners, intrusion detection systems, and security information and event management (SIEM) systems
• Participate in the implementation of current and future security domains (e.g., DevSecOps, AI, Cloud Computing)
• Develop, implement, and maintain system documentation for information system authorization, security management, and continuous monitoring (CONMON) of both networked and standalone information systems (e.g., Authorization To Operate (ATO), System Security Plan (SSP), Plan of Action and Milestones (POA&M)).
• Ensures the SSP accurately reflects the system architecture, security controls, and operational procedures
• Conducts regular reviews and updates to the SSP to address changes in system configuration, threats, vulnerabilities, and regulatory requirements
• Manages and monitors the implementation of security controls as described in the SSP, including technical, administrative, and physical security measures
• Conducts risk assessments and vulnerability assessments to identify potential security weaknesses
• Develops and implements mitigation strategies to address identified risks and vulnerabilities
• Maintains a thorough understanding of system architecture, operating systems, applications, and network infrastructure
• Ensures system compliance with applicable IC policies and standards
• Ensure applicable Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) are completed
• Participates in system design reviews to ensure security requirements are integrated from the outset
Incident Response:
• Develops and implements incident response plans (IRPs) for assigned systems
• Investigates security incidents and breaches, analyzing root causes and implementing corrective actions
• Coordinates with the Cybersecurity Service Provider (CSSP) and other relevant stakeholders during incident response activities
• Documents and reports security incidents in accordance with DoD policy
• Participates in incident response exercises and tabletop scenarios to test the effectiveness of the IRP
Configuration Management:
• Ensures that system configurations are maintained in a secure state
• Monitors system configurations for unauthorized changes
• Participates in change management processes to ensure security implications are addressed
• Ensures accurate documentation of system configurations and security baselines
Audit and Assessment:
• Supports internal and external security audits and assessments
• Prepares documentation and provides evidence to auditors as required
• Reviews audit findings and implements corrective actions to address deficiencies
• Conducts regular self-assessments to ensure compliance with security requirements
Continuous Monitoring:
• Implements and maintains continuous monitoring to track the security posture
• Analyzes security logs and alerts to identify potential security incidents
• Reports security status to the relevant stakeholders
Coordination and Communication:
• Collaborate with ISSOs, ISSMs, SCAs, system administrators, and developers
• Communicates security risks and vulnerabilities to relevant stakeholders
• Presents the system security activities in Scrum meetings and forums
• Provides technical security advice and guidance to system users and administrators
Qualifications:
• BS degree in Computer Science, Information Security, or a related field
• Minimum of 10 years of experience in information security, with a focus on system security administration
• Experience with the DoD Risk Management Framework (RMF) is required
• Knowledge of operating systems (Windows, Linux, Unix), networking protocols, and database management systems.
• Expertise in security tools such as SCAP Compliance Checker, ACAS Scans, and Splunk
• Must possess an IAT Level II certification (CISSP, Security+ CE, CCNA Security, etc.)