Jobs · Information Technology · Virginia

Cleared Information System Security Officer (ISSO) — L3

Virtual Service Operations · Lorton, VA · 4 wk ago
Information TechnologyFull-time

About the role

The Virtual Service Operations is seeking an Information System Security Officer (ISSO) Level 3 to join their team in Lorton, Virginia. The ISSO supports cybersecurity, compliance, and risk management activities for DoD information systems operating within classified and/or controlled environments.

Responsibilities

  • Auxiliary ISSM Support & Core Security Authorities
  • Support the ISSM in meeting their duties and responsibilities, and assume ISSM responsibilities in the ISSM’s absence.
  • Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures outlined in the security authorization package.
  • Verify that all users possess the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities prior to being granted access to the system.
  • Report all security-related incidents to the ISSM.
  • Conduct periodic reviews of information systems to verify continued compliance with the security authorization package.
  • Serve as a member of the Configuration Control Board (CCB) when designated by the ISSM.
  • Coordinate any changes or modifications to system hardware, software, or firmware with the ISSM and Authorizing Official/Designated Authorizing Official (AO/DAO) prior to implementation.
  • Formally notify the ISSM and AO/DAO when changes occur that might affect the system’s security authorization.
  • Maintain an equivalent IAM Level 2 certification based on the DoD 8140 standard.
  • Participate in joint agile backlog planning, providing feedback to the software development and infrastructure teams on high- and medium-risk items that require Information System Owner approval.
  • Cybersecurity Compliance & RMF Support
  • Support the implementation and maintenance of cybersecurity requirements in accordance with JSIG, RMF, and applicable DoD policies.
  • Aid in developing, maintaining, and updating RMF documentation including:
    • System Security Plans (SSPs)
    • Security Control Traceability Matrices (SCTMs)
    • Plans of Action and Milestones (POA&Ms)
    • Security Assessment Reports (SARs)
    • Continuous Monitoring Plans
  • Ensure security controls are implemented and maintained in accordance with approved security baselines.
  • Support security authorization efforts throughout the RMF lifecycle.
  • Continuous Monitoring & Vulnerability Management
  • Conduct continuous monitoring activities to maintain system authorization.
  • Review and analyze vulnerability scan results from tools such as ACAS.
  • Track remediation efforts and validate closure of identified vulnerabilities.
  • Assist with risk assessments and development of mitigation strategies.
  • Monitor system changes for security impact and support configuration management activities.
  • Security Operations
  • Coordinate and support security audits, inspections, and assessments.
  • Maintain security-related records, reports, and artifacts required for compliance reviews.
  • Investigate and document cybersecurity incidents and assist with incident response activities.
  • Ensure audit records are collected, reviewed, retained, and documented in accordance with security requirements, including any identified anomalies.
  • Verify proper implementation of system hardening standards and security configurations.
  • Work with information system security engineers to ensure secure system configurations.
  • Review proposed system changes and evaluate security implications.
  • Validate compliance with approved configuration baselines.
  • Support enforcement of least privilege and separation of duties principles.
  • Provide security guidance to system users and administrators.
  • Documentation & Reporting
  • Maintain accurate cybersecurity documentation and records, ensuring all IS security-related documentation is current and accessible to properly authorized individuals.
  • Prepare reports and briefings for program leadership, ISSM, and government representatives.
  • Support internal and external cybersecurity assessments.

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or related field (or equivalent experience).
  • 5+ years of cybersecurity, information assurance, or information systems security experience.
  • Experience supporting DoD RMF processes and cybersecurity compliance efforts.
  • Working knowledge of:
    • JSIG requirements and security artifacts
    • NIST SP 800-53 security controls
    • DoD RMF processes
    • STIG implementation and compliance
    • Vulnerability management processes
  • Active TS/SCI clearance.
  • Current DoD 8570/8140 compliant certification such as: CISA, CASP+, CISSP, CISM.

Preferred Qualifications

  • Experience supporting SAP, SCI, or other classified environments.
  • Experience with Windows, Linux, and virtualized environments.
  • Familiarity with Cross Domain Solutions (CDS).
  • Experience with ACAS, Splunk, Tenable, Trellix ePO or similar cybersecurity tools.
  • Knowledge of cloud security requirements within DoD environments.
  • Experience supporting security assessments and authorization packages.
  • Strong understanding of cybersecurity principles and risk management practices.
  • Excellent analytical and problem-solving skills.
  • Strong written and verbal communication skills.
  • Ability to work independently and collaboratively in a mission-focused environment.
  • Strong attention to detail and documentation accuracy.
  • Must be within driving distance of Lorton, VA OR willing to relocate there (Relocation Assistance Package Available).
  • Must be willing to work onsite (This role may include the need to work outside of core hours on high priority investigations and may also include on-call responsibilities).
  • Active TS/SCI clearance required.
  • Current DoD 8570/8140 compliant certification such as CISA, CASP+, CISSP, or CISM.
  • Strong written and verbal communication skills with excellent attention to detail and documentation accuracy.
  • Ability to work independently and collaboratively in a mission-focused environment.
  • Must be willing and able to travel frequently.

Benefits

As part of the VSO company, you will be part of a virtue-centered team who value their work and teammates. This is a no-jerk zone. We provide ongoing learning and development opportunities to foster continuous growth. We offer competitive salaries, health benefits, and flexible work arrangements.

Pay

Competitive salaries.

Schedule

Flexible work arrangements.

Similar jobs