Information Systems Security Officer

• →Support the full Risk Management Framework (RMF) lifecycle for classified information systems.
• →Develop, maintain, and update RMF documentation and security authorization packages.
• →Coordinate activities required to obtain and maintain Authority to Operate (ATO) approvals.
• →Conduct security control assessments and compliance reviews.
• →Monitor and track vulnerabilities, findings, and remediation efforts.
• →Support Continuous Monitoring (ConMon) activities and ongoing security assessments.
• →Review system configurations and scan results to ensure compliance with security requirements.
• →Collaborate with System Administrators and System Owners to implement and maintain security controls.
• →Monitor privileged user activities and support oversight requirements.
• →Participate in security audits, inspections, and cybersecurity reviews.
• →Provide recommendations for risk mitigation and system security improvements.

• Active TS/SCI with Full Scope Polygraph security clearance.
• U.S. Citizenship.
• Experience supporting Information Assurance, Cybersecurity, or ISSO activities within classified environments.
• Strong understanding of the Risk Management Framework (RMF) process.
• Knowledge of:
  • Authority to Operate (ATO) processes
  • Security Control implementation and assessment
  • Continuous Monitoring (ConMon)
  • Risk assessment methodologies
• Experience with RMF and cybersecurity compliance tools, including:
  • LATTEART
  • XACTA
  • BISCOTTI
  • WATCHCAT
  • STE
• Experience with compliance and configuration scanning tools.
• Familiarity with:
  • NIST SP 800-53 Revision 3 and/or Revision 5
  • NIST SP 800-37
• Strong written and verbal communication skills.
• Ability to work independently and collaboratively in a mission-focused environment.

• Experience supporting classified Government systems.
• Familiarity with auditing and compliance requirements.
• Experience coordinating with Authorizing Officials, Security Control Assessors, ISSMs, and System Owners.
• Understanding of vulnerability management and remediation processes.
• Knowledge of system administration concepts and operating system security.
• Security certifications such as:
  • CompTIA Security+
  • CISSP
  • CAP
  • CASP+
  • CISM

Candidates should have experience developing, reviewing, or maintaining security documentation, including:

• System Security Plans (SSP)
• Plans of Action and Milestones (POA&M)
• Security Plan Findings (SPFs) and Exception Documentation
• Business Impact Assessments (BIA)
• Configuration Management Plans (CMP)
• After Action Reports (AAR)
• Contingency Plans (CP)
• Security Assessment Reports (SAR)
• Risk Assessment Reports (RAR)

Successful candidates will demonstrate:

• Strong attention to detail.
• Excellent organizational skills.
• Effective communication and collaboration abilities.
• Sound risk-based decision-making.
• Ability to balance mission requirements with cybersecurity compliance.
• A proactive approach to identifying and mitigating security risks.