Information System Security Officer

Responsibilities

• Manage the full RMF lifecycle per DoDI 8510.01, including use of Enterprise Mission Assurance Support Service (eMASS) for all A&A documentation.
• Prepare, submit, and maintain complete system authorization packages to achieve and maintain Approval to Operate (ATO) status.
• Develop and enforce a technology review process for all new software, hardware, and cloud services.
• Validate compliance with the DoD Approved Products List (APL) and assess cybersecurity risks prior to implementation.
• Maintain and document authorized hardware/software baselines.
• Participate in the Configuration Control Board (CCB) and ensure all changes are vetted, tested, and approved.
• Implement and maintain configurations per DISA STIGs and Security Requirements Guides (SRGs).
• Conduct vulnerability scanning and compliance monitoring using tools such as ACAS.
• Perform remediation activities including patching, scripting, and configuration updates within established timelines.
• Manage and track Plans of Action and Milestones (POA&Ms).
• Develop formal risk acceptance packages including justifications and compensating controls.
• Maintain communication with government leadership regarding cybersecurity risk and compliance metrics.
• Maintain and review system audit logs per DoD requirements.
• Support cybersecurity incident response activities and coordinate with DoD Cyber Incident Response teams as required.
• Develop, maintain, and test the System Contingency Plan (NIST SP 800-34), including documentation of lessons learned.
• Performs other related duties as assigned.

Qualifications

• Active DoD Secret clearance.
• DoD 8570/8140 IAM Level II or III certification (e.g., CAP, CASP+, CISSP, CISM).
• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field, or equivalent experience.
• 5+ years of cybersecurity or ISSO experience supporting DoD or Federal programs.
• Experience managing RMF processes and using eMASS for A&A documentation.
• Familiarity with DISA STIGs, NIST SP 800-series, DoDI 8510.01, and ACAS tools.
• Strong understanding of configuration management, vulnerability management, and incident response procedures.

• Experience supporting judicial or defense organizations.
• Strong written communication skills with the ability to prepare formal cybersecurity documentation.

About Us

Benefits