Primary Responsibilities:
- Serve as the lead security representative for system RMF lifecycle activities, including control selection, implementation, testing, and documentation.
- Develop, review, and maintain key RMF artifacts such as System Security Plans (SSPs), Security Assessment Reports (SARs), Contingency Plans (CPs), and POA&Ms.
- Ensure systems maintain a valid Authorization to Operate (ATO) through continuous monitoring, vulnerability assessments, and compliance reporting.
- Validate the implementation of security controls and document evidence in Enterprise Mission Assurance Support Service (eMASS).
- Collaborate with cybersecurity engineers, auditors, and control assessors to prepare for internal and external security audits and inspections.
- Analyze and respond to scan results, SIEM alerts, audit logs, change management actions, and potential cybersecurity incidents.
- Support the integration of security into DevSecOps pipelines, ensuring secure configuration management, patching, and container security practices.
- Provide security engineering guidance to development and infrastructure teams in areas such as encryption, access controls, secure protocols, and authentication methods.
- Lead the execution of cybersecurity training, awareness initiatives, and policy compliance briefings for staff and stakeholders.
- Identify, assess, and mitigate risks associated with system design, implementation, and operational posture.
- Provide oversight for managing privacy-related data, insider threat indicators, and incident handling workflows in accordance with federal mandates.
- All other duties as assigned by management.
Education/Experience Requirements:
- Bachelor's or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education.
- Minimum of six (6) years of experience in information security/information assurance.
- Minimum of five (5) years of experience with the Risk Management Framework (RMF).
- Hands-on experience with Active Directory, Windows/UNIX systems, and relational databases in secure environments.
- Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred.