Cybersecurity Information System Security Officer – ISSO

This is a fully remote position, open to applicants in United States.

📋 Description

• Accountable for the daily security operations of one or more information systems.

• Ensure the system’s Authorization to Operate (ATO) is maintained under the DoD Risk Management Framework (RMF).

• Act as the main contact point for the Information System Security Manager (ISSM), the Authorizing Official’s representative, and the engineering team regarding all aspects of system security.

• Create and uphold a comprehensive set of RMF artifacts, including the System Security Plan (SSP), Security Assessment Plan (SAP), Plan of Action and Milestones (POA&M), Continuous Monitoring strategy, Privacy Impact Assessment, and Contingency Plan.

• Guide packages through eMASS or a similar system.

• Monitor vulnerabilities, IAVMs, and STIG compliance; oversee POA&M closure; coordinate audits and assessments; evaluate system changes for security implications.

• Convert policy (NIST 800-53, CNSSI 1253, DoDI 8500.01, 8510.01) into clear engineering directives.

• Proactively address unusual or complex issues with minimal guidance.

• Function efficiently in a dynamic technical environment supporting senior military leadership.

• Collaborate closely with the Cybersecurity Engineer, engineering team, and government stakeholders to ensure the system remains secure, compliant, and operational.

⛳️ Requirements

• Active Secret clearance is required, with the capability to obtain and maintain a Top-Secret clearance.

• At least 3 years of experience as an ISSO, ISSM, or in a comparable role within DoD information systems.

• Proven experience navigating systems through the RMF process and achieving/maintaining ATO.

• Practical experience in authoring and maintaining SSPs, SARs, POA&Ms, and Continuous Monitoring documentation.

• Familiarity with NIST SP 800-53, NIST SP 800-37, CNSSI 1253, and relevant DoD/CJCS guidelines.

• Experience with eMASS, Xacta, or similar governance, risk, and compliance (GRC) tools.

• DoD 8570/8140 IAM Level II certification (Security+ CE, CAP, CASP+, or equivalent) required at the time of hire.

• Active DoD Top-Secret Clearance (Desired).

• Bachelor’s or Master’s Degree in Cybersecurity, Information Systems, or a related field (Desired).

• DoD 8570/8140 IAM Level III certification (CISSP, CISM, or equivalent) (Desired).

• Experience supporting Special Operations, Intelligence Community, or Combatant Command customers (Desired).

• Experience with cloud ATOs in Azure Government, AWS GovCloud, or Microsoft 365 GCC High (Desired).

• Knowledge of DevSecOps, CI/CD security gates, and continuous ATO (cATO) methodologies (Desired).

• Previous experience as a Security Control Assessor (SCA) or as a member of an assessment team (Desired).

🏝️ Benefits

• High Fringe/Full-Time