Information Systems Security Officer
| Company | Booz Allen |
|---|---|
| Location | Alexandria, VA, USA |
| Salary | $99000 – $225000 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Senior, Expert or higher |
Requirements
- 5+ years of experience implementing risk management methodologies contained in best practice documentation such as NIST SP 800-30, SP 800-53, SP 800-128, SP 800-160, SP 800-171, or CIS benchmarks, in support of system security configurations, practices, and oversight
- 3+ years of experience providing cybersecurity leadership in an ISSO capacity, interfacing with internal and external SMEs such as PMs, Cyber Assessors, and AOs
- Experience with control implementations associated with RMF, FedRAMP, ICD 503, and DoD Information Levels, including applying them to the design and implementation of IT solutions to achieve system authorizations
- Experience implementing and maintaining security controls within AWS cloud, containerized, CI/CD pipeline, and Agile development environments
- Experience developing and reviewing ATO authorization packages in Xacta or eMASS
- Experience analyzing compliance and vulnerability scan results and implementing appropriate mitigations
- Experience performing audit log reviews to detect anomalous behavior in information systems and networks and overseeing continuous monitoring activities
- TS/SCI clearance
- Bachelor’s degree
- CGRC/CAP, CASP+, CCSP, Cloud+, SSCP, Security+, or GSEC certification
Responsibilities
- Work with government stakeholders and a cloud-based application and platform development team to identify cyber risks, understand applicable policies, and develop a mitigation plan
- Review technical, environmental, and personnel details from security engineers, platform and application developers, and enterprise architects to assess the entire threat landscape
- Coordinate with product delivery teams to ensure their products meet DoD cybersecurity standards
- Support a larger cyber team to collectively guide clients through a plan of action with presentations, documentation, and milestones
- Conduct risk assessments, considering data confidentiality, integrity, and availability
- Be involved in organized Incident Response actions such as consulting, guiding, and reporting back to key stakeholders
- Support the team in meeting authorization timelines and coordinating communications with external entities in support of that objective
Preferred Qualifications
- Experience with DoD security technical implementation guides (STIGs), checklists, and testing tools, including STIG Viewer, SCAP, and ACAS scanning tools
- Experience with cyber-related tools such as Ansible, Terraform, Splunk, or STIG Viewer
- Ability to work through challenging security requirements to maintain compliance
- Possession of excellent written, organizational, presentation, and verbal communication skills
- Bachelor’s degree in IT, Cybersecurity, Data Science, Information Systems, or CS
- DoD 8570 IAT III or IAM III level Certification such as CISSP Certification
- AWS Solutions Architect or Certified Security – Specialty Certification