Jobs · Information Technology · Utah

Information Systems Security Officer (ISSO)

Space Dynamics Laboratory · North Logan, UT · Today
Information Technology$94k–$160k/yrFull-time

Key Responsibilities

  • Ensures information systems comply with Intelligence Community Directives (ICDs), CNSSI, NIST 800-53, and the Risk Management Framework (RMF) for TS/SCI systems
  • Conducts risk assessments, vulnerability management, and mitigation planning for highly classified systems
  • Performs audits of log review, reduction, and analysis using Splunk to support security monitoring and investigations
  • Led and executed the full Risk Management Framework (RMF) lifecycle to achieve and maintain an Authorization to Operate (ATO) for TS/SCI systems
  • Oversees security operations, threat analysis, and intrusion detection in TS/SCI enclaves
  • Develops and executes incident response plans, including data spill response and containment in classified environments
  • Executes vulnerability scanning using tenable tools (e.g., ACAS) and analyzes results to identify, prioritize, and remediate system vulnerabilities
  • Collaborates with program managers, ISSMs, ISSEs, system administrators, and engineers to ensure secure system design and operation
  • Serves as a trusted advisor to leadership on IC cybersecurity requirements, emerging threats, and risk posture
  • Interfaces with Government stakeholders including Authorizing Officials (AOs), Security Control Assessors (SCAs), and IC oversight teams

Required Qualifications

  • Active TS/SCI clearance
  • 5-10 years of experience in information systems security within IC or other highly classified environments
  • DoW 8570/8140 compliant – IAT Level II and IAM Level II (or higher) required at time of hire
  • Bachelor’s degree in cybersecurity, computer science, information assurance, or a related field (or equivalent experience)
  • Certifications: Security+, CySA+, GSEC, SSCP, CCSP or equivalent
  • Extensive knowledge of IC and DoW security frameworks: ICDs, CNSSI, NIST 800-53, RMF, JSIG, and SAP security controls
  • Experience with security documentation including SSPs, POA&Ms, SARs, ISAs, MOUs, and ATO packages
  • Experience supporting SCI systems, including accreditation and lifecycle management
  • Experience executing Incident Response Plans, including classified data spillage remediation
  • Hands-on experience with Continuous Monitoring (CONMON) activities and reporting
  • Experience using Tenable tools (ACAS) for vulnerability scanning and remediation tracking
  • Experience using Splunk for log analysis and security monitoring
  • Ability to produce detailed technical reports for system owners and stakeholders
  • Strong technical background in vulnerability management, system hardening, and secure architecture

Preferred Qualifications

  • Master’s degree in cybersecurity, computer science, or a related field
  • Certifications: CISSP, CISM, CISA, CGRC, CASP+, or equivalent
  • Familiarity with Service Now (SNOW), eMASS, XACTA, and/or other IC authorization tools
  • Experience with JSIG, ICD 503, and RMF processes
  • Experience with interconnection agreements (ISA/MOU/MOA) in IC environments
  • Deep understanding of multi-enclave architectures, cross-domain solutions, and classified network segmentation
  • Experience assessing and articulating risk for non-implemented or inherited controls
  • Strong understanding of network protocols, system architectures, and secure configurations in TS/SCI environments
  • Ability to translate technical security concepts into mission-relevant risk language for leadership
  • Experience working across multi-disciplinary teams including developers, engineers, and system administrators
  • Demonstrated ability to work independently with minimal supervision in high-security environments

Similar jobs