Job Title: Information Systems Security Officer (ISSO) 3
MUST Possess An Active TS/SCI with Full Scope Poly
Position Overview: We are seeking an experienced and highly motivated Information Systems Security Officer (ISSO) 3 to join our team. In this role, you will manage the information security posture of both classified and unclassified systems, ensuring the protection of sensitive data and compliance with established security frameworks. You will work collaboratively with government stakeholders, technical teams, and subject matter experts (SMEs) to safeguard information, perform risk assessments, and lead security authorization efforts. Your expertise in security best practices, risk management, and system documentation will be pivotal in ensuring the continuous monitoring and defense of our organization's IT infrastructure.
Key Responsibilities:
- Security Management: Oversee the entire lifecycle of information security for classified and unclassified systems, including research, testing, implementation, training, and program management to protect sensitive information from potential threats and vulnerabilities.
- Risk Management Framework (RMF): Apply comprehensive knowledge of RMF processes, identifying, assessing, and mitigating risks to IT systems. Lead risk analysis efforts, ensuring effective risk management strategies are implemented across the organization.
- Authorization and Compliance: Lead and support Authority to Operate (ATO) and Authority to Proceed (ATP) efforts. Provide independent recommendations and work directly with government leads to ensure the successful authorization of IT systems.
- Vulnerability and Compliance Analysis: Conduct detailed analysis of vulnerability scans, penetration tests, and other audit activities to identify potential threats. Provide actionable insights and recommendations for system improvements and risk mitigation.
- Documentation & Reporting: Create, review, and maintain key security documentation, including but not limited to System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), Configuration Management Plans, Contingency Plans, and Risk Assessments. Ensure compliance with security requirements and provide clear, accurate status reports to stakeholders.
- Agile Participation: Actively engage in Agile Planning events, contributing technical insights and providing expert security input to ensure security is integrated throughout the development lifecycle.
- Continuous Monitoring & Security Posture Management: Ensure the security posture of IT systems is maintained across on-prem, cloud, and hybrid environments. Lead continuous monitoring efforts to identify and resolve emerging security risks.
Required Qualifications:
- Education & Experience: Bachelor's degree in a relevant field and 5-8 years of direct experience in information security, or 7 years of related experience with expertise in IT systems security.
- Security Clearance: Active TS/SCI clearance with CI Polygraph.
- Core Competencies:
  - Strong understanding of the NIST Risk Management Framework (RMF), including NIST SP 800-53, SP 800-30, SP 800-60, FIPS 199, FIPS 140-2, and other federal security standards.
  - Proven experience in developing and maintaining System Security Plans (SSPs) and other security-related documentation.
  - Experience with vulnerability management tools such as Tenable Nessus, Security Center, or similar platforms.
  - In-depth knowledge of cloud computing technologies and services, including AWS, Microsoft Azure, and VMware.
  - Expertise in analyzing test results (vulnerability scans, audits, penetration tests) and determining associated risk levels.
  - Proficiency with Microsoft Office 365 Suite (Word, PowerPoint, Excel, SharePoint).
- Soft Skills:
  - Strong communication skills, with the ability to articulate complex security concepts and status updates to non-technical stakeholders.
  - Self-starter with the ability to work independently and within a team, building strong relationships across various divisions.
  - Comfort with briefing security issues and presenting security posture to government customers.
Desired Qualifications:
- Familiarity with Scaled Agile Framework (SAFe), Agile development practices, and DevSecOps methodologies.
- Experience with security management in virtualized environments, including VDI and VMware.
- Familiarity with security tools such as Jira, Jira Align, or ServiceNow.
- Cybersecurity program experience within federal government agencies.
- Relevant certifications such as CISSP, CCSP, AWS Certified Security Specialty, Microsoft Azure Security Engineer, CISA, CAP, or SAFe 6.