Information Systems Security Officer (ISSO), Network Security, TS/SCI
DSA · Charlottesville, VA · 3 wk ago
Information TechnologyFull-time
Responsibilities
- Support cybersecurity compliance, risk management, and continuous monitoring for enterprise network systems.
- Review and validate security configurations for Cisco routers, switches, firewalls, and related network infrastructure.
- Support DISA STIG validation, SCAP benchmarks, security baselines, and device hardening requirements.
- Conduct, review, and validate vulnerability scans using ACAS, Tenable Nessus, STIG Viewer, and other approved DoD tools.
- Analyze vulnerability findings, identify false positives, document risk, and coordinate remediation with network engineering teams.
- Develop and maintain RMF documentation including SSPs, POA&Ms, Continuous Monitoring artifacts, hardware and software inventories, network diagrams, and control implementation details.
- Support ATO package development, renewal, extension, audit readiness, and authorization sustainment activities.
- Review firewall rules, access control lists, ports, protocols, services, VPN connections, network flows, and boundary protection controls.
- Support change control reviews by assessing network changes for cybersecurity, RMF, documentation, and compliance impacts.
- Monitor compliance through eMASS, ACAS, STIG Viewer, vulnerability management tools, and other approved DoD systems.
- Support incident response activities by reviewing network related alerts, logs, firewall events, syslog data, authentication events, and corrective actions.
- Prepare security status updates, vulnerability summaries, POA&M updates, compliance reports, and risk briefings for stakeholders and leadership.
Requirements
- Minimum 4 years of experience supporting cybersecurity, information assurance, network security, RMF, vulnerability management, or secure infrastructure operations.
- Experience supporting cybersecurity activities within the DoD, Intelligence Community, or other secure enterprise environment.
- Demonstrated understanding of DoD cybersecurity policy, RMF lifecycle, continuous monitoring, and authorization sustainment.
- Experience developing or maintaining SSPs, POA&Ms, Continuous Monitoring documentation, control implementation details, and authorization artifacts.
- Familiarity with eMASS for control tracking, package updates, risk documentation, and authorization maintenance.
- Hands on experience with ACAS, Tenable Nessus, STIG Viewer, SCAP, or vulnerability management processes.
- Experience reviewing, validating, or remediating vulnerability findings for network devices or supporting infrastructure.
- Experience applying or validating DISA STIGs, secure configuration baselines, and hardening guidance.
- Working knowledge of Cisco routers, switches, firewalls, Cisco ASA, Cisco Firepower, Cisco Secure Firewall, Cisco ISE, Catalyst, Nexus, ISR, or ASR platforms.
- Working knowledge of routing, switching, VLANs, ACLs, firewall policies, ports, protocols, VPNs, IPsec, NAT, DNS, DHCP, subnetting, logging, and boundary protection.
- Ability to review network diagrams, firewall rule sets, data flows, ports and protocols, and system interconnections for security and compliance impacts.
- Experience coordinating with network engineers, system administrators, ISSMs, ISSEs, system owners, and mission partners to resolve security findings.
- Knowledge of NIST SP 800-37, NIST SP 800-53, CNSSI 1253, DISA STIGs, DoD cybersecurity policy, and Intelligence Community cybersecurity requirements.
- Strong documentation, communication, analytical, and coordination skills.
Preferred Experience/Qualifications
- CCNP, CCNP Security, Cisco CyberOps, or equivalent network security certification.
- CISSP, CISM, CGRC, CAP, CASP+, SecurityX, CySA+, CEH, PenTest+, or equivalent cybersecurity certification.
- Experience supporting DoD or Intelligence Community network environments.
- Experience securing, assessing, or documenting Cisco ASA, Cisco Firepower, Cisco Secure Firewall, Cisco ISE, Catalyst, Nexus, ISR, or ASR platforms.
- Experience reviewing firewall rules, access control policies, route tables, network diagrams, ports and protocols, VPNs, boundary security, or system interconnection documentation.
- Familiarity with Zero Trust principles, network segmentation, identity based access control, and modern DoD cybersecurity architecture.
- Experience with Splunk, Elastic, ELK Stack, OpenSearch, SolarWinds, Wireshark, NetFlow, syslog, firewall logs, or other tools used to support monitoring and incident response.
- Familiarity with network automation or scripting tools such as Ansible, Python, PowerShell, Terraform, or Cisco Catalyst Center.
- Knowledge of continuous authorization, continuous monitoring, governance, risk management, and compliance sustainment.