Information Systems Security Officer (ISSO)

As a Senior Level Information Systems Security Officer (ISSO) you will play a pivotal role in shaping and enhancing cybersecurity initiatives. Your responsibilities may include:

• Conducting technical security assessments and contribute to the security systems.
• Ensuring system security compliance, manage risks, and support certification activities throughout the program life cycle.
• Work with the application leads, sysadmins, DBAs, developers, and testers to ensure the assigned systems are security compliant and achieve/maintain ATO.
• Answering questions to ensure systems are developed with security compliance built in.
• Supporting security assessment events and respond to all questions from ISSMs and SCAs
• Developing and maintaining SSPs, POA&Ms, and other required security documentation using XACTA.
• Driving IATT and ATO efforts, coordinating with stakeholders, cyber, and Authorizing Official (AO).
• Implementing and validating NIST 800-53 controls in cloud-native DPaaS environments.
• Applying Zero Trust principles to secure data services, including identity, segmentation, and flow control.

Requirements

Required:

• Active TS/SCI with active CI Polygraph clearance.
• 13 Years of experience in Software or Systems Engineering roles or a highly related field of work with similar scope and responsibilities.
• A Bachelor's degree may be substituted for 4 years of experience and a Master's Degree may be substituted for 6 years of experience.
• Security+ or other IAT II/III level certification that is currently active.
• Proficiency with XACTA and DIA's RMF process, including managing IATT and ATO processes.
• Proficiency with Splunk.
• Experience conducting assessments of existing IT architecture for compliance with security requirements from applicable security frameworks (such as ICD 503).
• Experience with implementing and maintaining system security documentation, including SSPs, SAPs, POA&Ms, and security assessment artifacts, coordinating closely with ISSMs, ISSEs, system owners, and authorizing officials.
• Full-time work in a Sensitive Compartmented Information Facility (SCIF) is required, with flexible hours.

Desired:

• Prior Information System Security Officer or Information System Security Engineer experience
• Proven experience leading cybersecurity initiatives for significant programs, showcasing a comprehensive understanding of large-scale program requirements.
• Demonstrated success in team management, highlighting the ability to effectively guide and coordinate cybersecurity professionals.
• Strong background in communication, with a track record of effectively engaging with customer, program leads, leadership teams, and engineers to convey complex cybersecurity concepts and strategies.