Information System Security Officer

Job Title
Information System Security Officer (ISSO)

Job Description

Summary

We are seeking a skilled Information System Security Officer (ISSO) to help ensure the security and continued compliance of our classified information systems. In this role, you will work closely with our Director of IT and Facility Security Officer (FSO) to implement and maintain cybersecurity policies, support system accreditation efforts, and monitor ongoing compliance with government standards such as NIST SP 800-53 and RMF. This is a hands-on role ideal for someone who has experience in both IT and security and who thrives in a fast-paced, security-focused environment.

Key Responsibilities

• Responsible for supporting Risk Management Framework program as stipulated by various US Government requirements including (but not limited to): National Industrial Security Operating Manual (NISPOM), and the DCSA Assessment and Authorization Process Manual (DAAPM)
• Monitor Risk Management Framework compliance by performing periodic self-inspections, tests, and reviews of information systems to ensure that workstations/servers are operating as authorized/accredited.
• Coordinate with program/project stakeholders, Information System Security Manager, the Facility Security Officer, and Program Leads to develop, maintain, and evaluate security documentation, including System Security Plan, System Security Authorization Agreements, and SOPs
• Maintain day-to-day security posture and continuous monitoring of IS including security event log review and analysis.
• Performs Assessment and Authorization activities such as information system certification testing of required configuration controls and preparing/maintaining various documentation such as: Standard Operating Procedures (SOP), System Security Plan (SSP), Risk Assessment Report (RAR), etc.
• Manages and maintains Continuous Monitoring (ConMon) and Plan of Action and Milestones (POA&M).
• Responsible for security sustainment activities including (but not limited to): hardware change management, software change management, account management, media protection, user interface, file transfers, etc.
• Maintain thorough understanding of NIST 800-53 controls.
• Maintain a relationship with our ISSP and other mission partners
• Will support the Facility Security Officer (FSO) in managing and maintaining the company’s security program, ensuring compliance with all applicable government regulations and company policies.
• Administrative experience tracking and record keeping
• Assist the FSO with the overall security program.
• Perform administrative security support functions

Supervisory Responsibility

This position has no direct supervisory responsibilities.

Physical Demands

While performing the duties of this job, the employee is regularly required to talk or hear. Specific vision abilities required by this job include close vision and ability to adjust focus. This would require the ability to lift files, open filing cabinets and bend or stand on a stool as necessary. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Travel

About 10% travel is expected for this position

Position Type/Expected Hours of Work

This is a full-time position at 40 hours per week. Typical office hours include Monday-Friday, 8:00am-4:30pm; however, these hours may vary based on workload and the manager’s discretion. This job may require more than 40 hours of work per week as the need arises.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

About FIRST RF

FIRST RF is a fast-growing, multi-discipline, privately owned small business focused on engineering and manufacturing of advanced technologies - specifically in antennas and radio frequency (RF) systems. We are an energetic team empowered with world-class facilities and resources. We promote a culture which prioritizes innovation and responsiveness. By making bold investments in the development of groundbreaking technologies, FIRST RF has fielded award-winning products ranging from revolutionary passive antennas to highly complex, active antenna systems.

Benefits Summary

We offer all employees four weeks of PTO each year, flexible scheduling, hybrid work, tuition reimbursement, up to 6% 401(k) match, and healthcare, dental, and vision plans.

AAP/EEO Statement

We are an Equal Employment Opportunity employer committed to providing equal opportunity in all of our employment practices, including selection, hiring, assignment, re-assignment, promotion, transfer, compensation, discipline, and termination. The Company prohibits discrimination, harassment, and retaliation in employment based on race; color; religion; genetic information; national origin; sex (including same sex); sexual orientation; gender identity; pregnancy, childbirth, or related medical conditions; age; disability or handicap; citizenship status; service member status; or any other category protected by federal, state, or local law. We support protected veterans and individuals with disabilities through our affirmative action program.

Qualifications

Required Education and Experience

• Bachelor’s degree, associate degree, or equivalent military/work experience
• Final Secret security clearance with a current background investigation.
• Familiarity/knowledge of vulnerability/compliance/audit tools.
• Experience with configuration/certification and auditing/analysis of Windows/Linux operating systems in a Peer-to-peer and LAN network environment.
• Ability to work with people in a team environment and deal effectively with changing project priorities.
• 2-5 years of relevant experience within information assurance (IA) frameworks, including NIST 800-171 and NIST 800-53

Preferred Education and Experience

• Security+ and/or relevant IT Certifications
• Previous security experience working in a Top Secret and/or SAP/SCI environment.
• Two (2) to four (4) years' experience as an ISSO or SA implementing DAAPM, NISPOM, and/or RMF requirements.
• Familiarity/understanding using authorization/accreditation databases (eMASS).
• Experience in RMF or ICD 503 or other information security frameworks helpful but not required
• Experience with eMASS
• Maintain system certification packages in a centralized repository, supporting primarily NIST 800-53 and Risk Management Framework
• Manage Plans of Action and Milestones (POA&Ms) and System Controls within the centralized repository