Cleared Information System Security Officer (ISSO) — L3
Virtual Service Operations · Lorton, VA · 4 wk ago
Information TechnologyFull-time
About the role
The Virtual Service Operations is seeking an Information System Security Officer (ISSO) Level 3 to join their team in Lorton, Virginia. The ISSO supports cybersecurity, compliance, and risk management activities for DoD information systems operating within classified and/or controlled environments.
Responsibilities
- Auxiliary ISSM Support & Core Security Authorities
- Support the ISSM in meeting their duties and responsibilities, and assume ISSM responsibilities in the ISSM’s absence.
- Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures outlined in the security authorization package.
- Verify that all users possess the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities prior to being granted access to the system.
- Report all security-related incidents to the ISSM.
- Conduct periodic reviews of information systems to verify continued compliance with the security authorization package.
- Serve as a member of the Configuration Control Board (CCB) when designated by the ISSM.
- Coordinate any changes or modifications to system hardware, software, or firmware with the ISSM and Authorizing Official/Designated Authorizing Official (AO/DAO) prior to implementation.
- Formally notify the ISSM and AO/DAO when changes occur that might affect the system’s security authorization.
- Maintain an equivalent IAM Level 2 certification based on the DoD 8140 standard.
- Participate in joint agile backlog planning, providing feedback to the software development and infrastructure teams on high- and medium-risk items that require Information System Owner approval.
- Cybersecurity Compliance & RMF Support
- Support the implementation and maintenance of cybersecurity requirements in accordance with JSIG, RMF, and applicable DoD policies.
- Aid in developing, maintaining, and updating RMF documentation including:
- System Security Plans (SSPs)
- Security Control Traceability Matrices (SCTMs)
- Plans of Action and Milestones (POA&Ms)
- Security Assessment Reports (SARs)
- Continuous Monitoring Plans
- Ensure security controls are implemented and maintained in accordance with approved security baselines.
- Support security authorization efforts throughout the RMF lifecycle.
- Continuous Monitoring & Vulnerability Management
- Conduct continuous monitoring activities to maintain system authorization.
- Review and analyze vulnerability scan results from tools such as ACAS.
- Track remediation efforts and validate closure of identified vulnerabilities.
- Assist with risk assessments and development of mitigation strategies.
- Monitor system changes for security impact and support configuration management activities.
- Security Operations
- Coordinate and support security audits, inspections, and assessments.
- Maintain security-related records, reports, and artifacts required for compliance reviews.
- Investigate and document cybersecurity incidents and assist with incident response activities.
- Ensure audit records are collected, reviewed, retained, and documented in accordance with security requirements, including any identified anomalies.
- Verify proper implementation of system hardening standards and security configurations.
- Work with information system security engineers to ensure secure system configurations.
- Review proposed system changes and evaluate security implications.
- Validate compliance with approved configuration baselines.
- Support enforcement of least privilege and separation of duties principles.
- Provide security guidance to system users and administrators.
- Documentation & Reporting
- Maintain accurate cybersecurity documentation and records, ensuring all IS security-related documentation is current and accessible to properly authorized individuals.
- Prepare reports and briefings for program leadership, ISSM, and government representatives.
- Support internal and external cybersecurity assessments.
Requirements
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or related field (or equivalent experience).
- 5+ years of cybersecurity, information assurance, or information systems security experience.
- Experience supporting DoD RMF processes and cybersecurity compliance efforts.
- Working knowledge of:
- JSIG requirements and security artifacts
- NIST SP 800-53 security controls
- DoD RMF processes
- STIG implementation and compliance
- Vulnerability management processes
- Active TS/SCI clearance.
- Current DoD 8570/8140 compliant certification such as: CISA, CASP+, CISSP, CISM.
Preferred Qualifications
- Experience supporting SAP, SCI, or other classified environments.
- Experience with Windows, Linux, and virtualized environments.
- Familiarity with Cross Domain Solutions (CDS).
- Experience with ACAS, Splunk, Tenable, Trellix ePO or similar cybersecurity tools.
- Knowledge of cloud security requirements within DoD environments.
- Experience supporting security assessments and authorization packages.
- Strong understanding of cybersecurity principles and risk management practices.
- Excellent analytical and problem-solving skills.
- Strong written and verbal communication skills.
- Ability to work independently and collaboratively in a mission-focused environment.
- Strong attention to detail and documentation accuracy.
- Must be within driving distance of Lorton, VA OR willing to relocate there (Relocation Assistance Package Available).
- Must be willing to work onsite (This role may include the need to work outside of core hours on high priority investigations and may also include on-call responsibilities).
- Active TS/SCI clearance required.
- Current DoD 8570/8140 compliant certification such as CISA, CASP+, CISSP, or CISM.
- Strong written and verbal communication skills with excellent attention to detail and documentation accuracy.
- Ability to work independently and collaboratively in a mission-focused environment.
- Must be willing and able to travel frequently.
Benefits
As part of the VSO company, you will be part of a virtue-centered team who value their work and teammates. This is a no-jerk zone. We provide ongoing learning and development opportunities to foster continuous growth. We offer competitive salaries, health benefits, and flexible work arrangements.
Pay
Competitive salaries.
Schedule
Flexible work arrangements.