Information Systems Security Officer (ISSO) – Secret Clearance

CALNET Inc.

Posted today
Secret
Unspecified
Unspecified
IT - Security
Washington (On-Site/Office)

Description

Founded in 1989, CALNET Inc. has become one of the fastest growing privately held companies in the Technology, Intelligence Analysis, and Language Services consulting arena. Headquartered in Reston, VA, CALNET employees deliver true value to our customers by employing best practices, world-class technologies, and industry expertise in every project. CALNET is ISO 9001, ISO 20000, and CMMI-Level III certified.

As a Prime Government Contractor for a major government institution, we are currently searching for a talented Information Systems Security Officer (ISSO) with Secret Clearance to work in Washington, DC.

Position Overview
  • The Information Systems Security Officer (ISSO) is responsible for ensuring the security posture, compliance, and continuous monitoring of Government Secure Data Network systems in accordance with FISMA, NIST SP 800-53, CNSSI 1253, DoD directives, and Treasury security policies.
  • The ISSO provides technical security oversight, supports Security Assessment & Authorization (SA&A) activities, manages Plans of Action & Milestones (POA&M), conducts vulnerability analysis, and ensures systems maintain Authorization to Operate (ATO) status. The ISSO works closely with the Federal Information System Security Manager (ISSM), Program Manager, Data Center Operations, and Service Desk teams.

Key Responsibilities

1. Security Assessment & Authorization (SA&A) / RMF Support
  • Develop, maintain, and update:
    • System Security Plans (SSPs)
    • Risk Assessment Reports
    • Security Assessment Reports (SARs)
    • Contingency Plans
    • Authorization to Operate (ATO) documentation
  • Define system boundaries, inventories, interconnections, and responsible officials.
  • Support Risk Management Framework (RMF) lifecycle activities.
  • Conduct control selection, implementation validation, and security testing.
  • Ensure compliance with NIST SP 800-53, CNSSI 1253, DoD, and Treasury directives.

2. Continuous Monitoring & Vulnerability Management
  • Monitor and analyze vulnerability scans (ACAS, SCAP).
  • Review and validate STIG compliance.
  • Conduct log analysis using tools such as Splunk.
  • Track remediation timelines and validate closure evidence.
  • Ensure 90% of POA&M items are completed or re-baselined prior to due date.
  • Provide weekly vulnerability/risk reporting.

3. POA&M Lifecycle Management
  • Develop and manage POA&M documentation.
  • Coordinate with system owners to ensure timely remediation.
  • Provide 30/60/90-day remediation tracking.
  • Report POA&M status to leadership and COR.
  • Maintain compliance metrics and documentation in Treasury authoritative systems.

4. Incident Response & Cyber Exercises
  • Support Cyber Security CIRC and Incident Response processes.
  • Conduct and participate in:
    • Monthly Incident Response exercises
    • Monthly Contingency Response exercises
    • Annual DR/COOP exercises
  • Report security incidents within required timelines (≤ 2 hours for reporting metrics).
  • Prepare annual Security Incident Response reports.

5. Security Operations & Hardening
  • Ensure all IT assets are configured per Government baseline configurations.
  • Validate security settings before implementation.
  • Document configuration deviations and manage waiver process.
  • Support HBSS compliance (HIPS, Policy Auditor, ABM, RSD, DCM).
  • Ensure patch compliance meets 100% ± 2% security patching requirements.

6. Forensics & Investigative Support
  • Assist in:
    • FOIA-related searches
    • Litigation support
    • File recovery and disk recovery
    • Encryption/decryption activities
  • Conduct forensic analysis using industry-standard tools.

7. Security Documentation & Reporting
  • Develop and update:
    • Security Operational Documentation
    • Privacy Impact Assessments
    • Incident Response Plans
    • Business Impact Analysis (BIA)
    • Configuration Management Plans
  • Submit:
    • Weekly Vulnerability/Risk Reports
    • Monthly Log Review Reports
    • Quarterly Privileged User Account Reports
    • Annual DR/COOP Exercise Reports
    • IT Security Training Reports

8. Training & Awareness
  • Ensure 100% of active users maintain current IT Security Training.
  • Track and report security awareness compliance.
  • Support onboarding security documentation validation.

Required Qualifications
  • Bachelor's degree in Cybersecurity, Information Assurance, Computer Science, or related field (or equivalent experience).
  • Minimum 5-8 years of cybersecurity experience.
  • Experience supporting federal or national security information systems.
  • Experience with RMF / A&A processes.
  • Experience with vulnerability scanning tools (ACAS, SCAP).
  • Experience with log monitoring and analysis (Splunk).
  • Strong understanding of:
    • NIST SP 800-53
    • FISMA
    • DoD RMF
    • STIG implementation
    • CNSSI 1253

Required Certifications (DoD 8140 Compliant)
  • One or more of the following (IAM Level II/III equivalent preferred):
    • CISSP
    • CISM
    • GSLC
    • CASP+
    • Security+

This opportunity is in Washington, DC.

CALNET, Inc. offers a competitive salary and a generous benefits package. This package includes medical, dental, vision, life, short- and long-term disability insurances, a 401(k)-retirement savings plan, and generous leave time.

CALNET, Inc. is an Equal Opportunity Employer. EEO/M/F/D/V
About Us
Founded in 1989, CALNET, Inc. is a privately held company in the Technology, Intelligence Analysis, and Language Services consulting arena. Headquartered in Reston, VA, CALNET employees deliver true value to our customers by employing best practices, world-class technologies, and industry expertise in every project. CALNET is a CMMI-Level III DEV, ISO 9001, ISO 2000 and ISO 27001:2013 certified company.

Job Category: IT - Security
Clearance Level: Secret
Employer: CALNET Inc.