Information System Security Officer (ISSO)

Description

Responsibilities

• Support the ISSM in maintaining the security posture of assigned information systems.
• Assist in the development, implementation, and maintenance of RMF authorization documentation including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and supporting artifacts.
• Perform continuous monitoring activities including audit log review, configuration validation, vulnerability tracking, and security control verification.
• Coordinate system changes through configuration management processes and conduct security impact assessments for proposed modifications to hardware, software, or system architecture.
• Verify that user access is granted only to individuals with the appropriate clearance, authorization, training, and need-to-know.
• Track and manage vulnerabilities identified through vulnerability scans, security assessments, and compliance checks, ensuring remediation actions are documented and completed.
• Report cybersecurity incidents, anomalies, and security violations in accordance with organizational and government reporting requirements.
• Participate in configuration control boards (CCB) or change management activities when security impact assessments are required.
• Ensure system security documentation remains current, accurate, and available to authorized personnel.
• Support internal and external security inspections, authorization activities, and compliance assessments.
• Coordinate with IT and engineering teams to ensure systems are configured in accordance with approved security baselines and applicable DISA STIGs.

• NISPOM (32 CFR Part 117)
• DoDI 8510.01 – Risk Management Framework (RMF)
• NIST SP 800-53 Security Controls
• NIST SP 800-171 (Protection of Controlled Unclassified Information)
• CMMC 2.0
• DISA Security Technical Implementation Guides (STIGs)
• DoD 8140 Cyber Workforce Framework

Minimum Qualifications

• DoD 8140 compliant certification meeting IAT Level II or IAM Level I requirements (e.g., Security+ CE, CAP, CASP+, CISM, CISSP)
• Experience supporting RMF authorization processes and maintaining system authorization documentation
• Experience developing and maintaining SSPs, POA&Ms, and related authorization artifacts
• Demonstrated knowledge of NIST SP 800-53 security controls
• Demonstrated knowledge of NIST SP 800-171 and CMMC Level 2 requirements
• Experience reviewing system logs and conducting security compliance reviews

Preferred Skills and Experience

• Familiarity with NISPOM requirements for cleared defense contractors
• Experience managing authorization packages within eMASS or similar RMF tools
• Experience applying DISA STIGs to operating systems and applications
• Experience with security and vulnerability management tools such as Nessus, Splunk, or SCAP/STIG Viewer
• Experience supporting security assessments, audits, or authorization activities
• Familiarity with COMSEC environments or classified system operations
• Experience supporting government contract security requirements including DD Form 254
• Experience managing security requirements across multiple programs or systems

• U.S. Citizenship with an active Top Secret security clearance and eligibility for SCI access