Information System Security Officer (ISSO)

Information System Security Officer (ISSO)

Location: Gaithersburg, MD

Required Clearance: TS/SCI with Polygraph

Employment Type: Full-Time Regular

Shift: Day

Travel: No

Relocation Assistance: Yes

Company Overview

We are Ennoble First. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country. We ensure today is safe and tomorrow is smarter. Our work has meaning and impact on the world around us, but also on us, and that's important. Ennoble First is your place. You make it your own by embracing autonomy, seizing opportunity, and being trusted to deliver your best every day. We think. We act. We deliver. There is no challenge we can't turn into an opportunity.

Position Overview

Ennoble First is seeking an Information System Security Officer (ISSO) to support mission-critical intelligence systems within the Analysis Sustainment portfolio. The ISSO will be responsible for managing authorizations and risks related to the processing, storage, and transmission of information while ensuring compliance with government and corporate cybersecurity requirements.

The ISSO will support Assessment and Authorization (A&A) activities, vulnerability management, continuous monitoring, security documentation, and risk mitigation efforts while partnering with system owners, administrators, engineers, and government stakeholders to maintain the security posture of critical mission systems.

Primary Responsibilities

• Develops risk mitigation strategies that contribute to the effectiveness, efficiencies, and performance outcomes for strategic projects, program goals, and business processes.
• Must be able to quickly respond to the needs for updates and maintenance of security documentation, especially System Security Plans, Plans of Actions and Milestones (POA&Ms); Security Impact Assessment for proposed system changes, and Concept of Operations that identify and explain how each system satisfies its assigned security control baselines.
• Maintains system security plans and related configuration records in customer Service+ (ServiceNow), XACTA-360 platform, and security management tools.
• Drives necessary security changes through steering groups and control review boards to meet Risk Management milestones.
• Can work independently as well as collaboratively to drive security process improvements, especially to address gaps in meeting customer security requirements and due diligence responsibilities.
• Provides guidance and engages technical teams to implement secure software and hardware processes, government security standards, and industry security best practices.
• Resolves highly complex security problems by applying technical knowledge, conceptualizing, reasoning, and interpretation of requirements.
• Communicates with program leadership and customer stakeholders regarding matters of significant importance to the organization and project.
• Applies in-depth understanding of information security principles, theories, concepts, and their application across a range of programs.
• Develops and maintains security documentation in accordance with NGA, Intelligence Community, DoD, DISA, NIST, and industry standards.
• Initiates and coordinates Assessment and Authorization (A&A) and renewal activities with Designated Authorizing Officials and supporting organizations.
• Addresses Information Assurance and Cybersecurity notices, orders, taskings, and directives in accordance with vulnerability and patch management processes.
• Measures effectiveness of defense-in-depth architectures and Zero Trust implementations against known vulnerabilities.
• Performs security audits and assessments, including creation, tracking, and remediation support for POA&Ms.
• Coordinates with System Administrators and technical teams to remediate vulnerabilities, track findings, and document mitigation activities.
• Updates Security CONOPS and Information Technology Disaster Recovery (ITDR) plans.
• Manages security profiles and implementation activities for systems and services scheduled for Assessment and Authorization.
• Works closely with Systems Engineers, Administrators, ISSMs, security teams, and stakeholders to maintain security plans and associated documentation.
• Maintains records and documentation related to system upgrades, patches, and connectivity configurations.
• Evaluates security solutions and implementation strategies while maintaining the operational security posture of development, integration, and deployed capabilities.
• Provides training and approves user access and identification, authorization, and authentication mechanisms for information systems.

Required Qualifications

• BS degree and 8 to 12 years of prior relevant experience to operate within the scope of responsibilities.
• Active TS-SCI clearance with Polygraph.
• Experience that demonstrates an understanding and application of the ICD-503 and NIST risk management framework.
• Experience developing, maintaining, and updating RMF security documentation including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Security Impact Assessments (SIAs), Concepts of Operations (CONOPS), and Assessment & Authorization (A&A) artifacts.
• Experience supporting system accreditation activities, security control assessments, continuous monitoring, vulnerability remediation, and authorization efforts within NIST RMF and/or ICD-503 environments.
• Experience desired with the following systems/platforms/tools: XACTA; XACTA 360 (preferred); HBSS; ACAS; Nessus, SPLUNK.

Preferred Qualifications

• NGA experience desired.
• Has 3+ years of experience operating, analyzing, and resolving vulnerability scan results using tools such as Nessus, Tenable Security Center, or a comparable commercial or GOTS product.
• Active Certified Information Systems Security Professional (CISSP) certification or ISACA Certified Information Security Manager (CISM) certification.
• Intelligence Community experience preferred.

Pay Range

$135,000-$160,000

The Ennoble First pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Equal Employment Opportunity

Ennoble First is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to any characteristic protected by law.

E-Verify Participation

Ennoble First participates in E-Verify. Learn more at www.dhs.gov/E-Verify .

E-Verify is a registered trademark of the U.S. Department of Homeland Security.

Ennoble First is committed to providing a diverse and inclusive work environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Ennoble First participates in E-Verify.

The information below will be listed on our website's careers landing page.

EEO is the Law | Pay Transparency Nondiscrimination

www.dhs.gov/E-Verify

E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.