ISSO-ACTIVE SECRET CLEARANCE REQUIRED
full-time • Remote • remote
ISSO-ACTIVE SECRET CLEARANCE REQUIRED
Primary Responsibilities:
- Serve as the lead security representative for system RMF lifecycle activities, including control selection, implementation, testing, and documentation.
- Develop, review, and maintain key RMF artifacts such as System Security Plans (SSPs), Security Assessment Reports (SARs), Contingency Plans (CPs), and POA&Ms.
- Ensure systems maintain a valid Authorization to Operate (ATO) through continuous monitoring, vulnerability assessments, and compliance reporting.
- Validate the implementation of security controls and document evidence in Enterprise Mission Assurance Support Service (eMASS).
- Collaborate with cybersecurity engineers, auditors, and control assessors to prepare for internal and external security audits and inspections.
- Analyze and respond to scan results, SIEM alerts, audit logs, change management actions, and potential cybersecurity incidents.
- Support the integration of security into DevSecOps pipelines, ensuring secure configuration management, patching, and container security practices.
- Provide security engineering guidance to development and infrastructure teams in areas such as encryption, access controls, secure protocols, and authentication methods.
- Lead the execution of cybersecurity training, awareness initiatives, and policy compliance briefings for staff and stakeholders.
- Identify, assess, and mitigate risks associated with system design, implementation, and operational posture.
- Provide oversight for managing privacy-related data, insider threat indicators, and incident handling workflows in accordance with federal mandates.
- All other duties as assigned by management.
Education/Experience Requirements:
- Bachelor’s or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education.
- Minimum of six (6) years experience in information security/information assurance.
- Minimum of five (5) years of experience in the risk management framework.
- Hands-on experience with Active Directory, Windows/UNIX systems, and relational databases in secure environments.
- Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred.
