
The Information System Security Officer (ISSO) - DEA

Nexthreat

Alexandria (VA)

Remote

USD 90,000 - 130,000

Full time

Yesterday

Job summary

Nexthreat seeks an Information System Security Officer (ISSO) responsible for overseeing security and compliance of information systems. The role requires expertise in RMF, cybersecurity standards, and proactive risk management within cloud environments. Ideal candidates will hold a Bachelor's degree in a relevant field with pertinent certifications preferred.

Qualifications

  • Proven experience in cybersecurity, RMF, or a related field.
  • Familiarity with cloud security compliance requirements.
  • Relevant certifications (e.g., CISSP, CISM, Security+) preferred.

Responsibilities

  • Ensure compliance with security policies and regulations.
  • Conduct security impact assessments and continuous monitoring.
  • Provide Risk Management Framework (RMF) support.

Skills

Analytical skills
Problem-solving skills

Education

Bachelor's degree in Computer Science
Bachelor's degree in Information Systems

Tools

Burp Suite
Cloudberry
ThunderScan

Job description

Job Title: The Information System Security Officer (ISSO)

Location: Alexandria, VA, remote

Job Category: Information Technology

Time Type: Full-time

Clearance Requirement: No clearance required

Employee Type: W2 or 1099

Citizenship: US Citizen, no Dual Citizenship

NexThreat is seeking an Information System Security Officer (ISSO). The perfect candidate will be responsible for overseeing the security of information systems within the organization. The ISSO ensures compliance with applicable security policies and regulations, including but not limited to the Risk Management Framework (RMF) and various cybersecurity standards. This position demands a proactive approach to risk management and incident response within a cloud computing environment.

Key Responsibilities:

Provide Risk Management Framework (RMF) Support

  • Maintain and renew existing Impact Level 4 (IL4) cloud ATO.
  • Update records in the Enterprise Mission Assurance Support Service (eMASS), CWBI Hub, and Confluence to include system management information, security controls, implementation plans, control status continuous assessments, and a continuous monitoring plan.
  • Analyze Personally Identifiable Information (PII) and Controlled Unclassified Information (CUI) within CWBI and prepare Privacy Impact Assessments and System of Record Notices (SORN).
  • Maintain and update Record Management Surveys (RMS) and supporting documents.
  • Coordinate with SCA-V or DoD Continuous Monitoring program for assessments.
  • Perform post-assessment actions, including creating a Plan of Action and Milestones (POA&M), Security Assessment Reports (SAR), and coordinating finalized authorization decisions with USACE CIO/G-6 and the Authorizing Official.
  • Facilitate CWBI change management activities utilizing standard DevSecOps solutions.
  • Track change management items from reception to completion.
  • Conduct security impact assessments for proposed changes.
  • Analyze CWBI modules for configuration changes using automated means.
  • Establish and maintain baseline hardware and software configurations, as well as documentation for ports, protocols, and services management (PPSM).
  • Update CWBI system documentation in eMASS, Army Portfolio Management Solution (APMS), CWBI Hub, and Confluence as required.

Provide Tier 3 Cyber Security Service Provider (CSSP) Support

  • Conduct Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS), and Army Endpoint Security Solution (AESS) scanning.
  • Coordinate system access for necessary scans.
  • Compile and analyze monthly vulnerability reports, categorizing impact levels and assisting CWBI PMO in prioritizing work to mitigate risks.
  • Provide code vulnerability testing, dynamic code scanning, and cloud storage management services compatible with tools such as Burp Suite, Cloudberry, and ThunderScan, ensuring any licenses are the property of USACE.
  • Conduct Security Content Automation Protocol (SCAP), Security Technical Implementation Guide (STIG), and Federal Risk and Authorization Management Program (FedRAMP) analyses.
  • Perform quarterly SCAP and STIG assessments and analyze results for impacts/risks.
  • Upload results into eMASS and assist CWBI PMO with risk prioritization.
  • Continuously monitor system security events via logging and monitoring tools.
  • Process event log notifications and create service tickets for appropriate technical groups.
  • Track service ticket resolutions until successful completion.

Qualifications

  • Bachelor's degree in Computer Science, Information Systems, or a related field.
  • Relevant certifications (e.g., CISSP, CISM, Security+) preferred.
  • Proven experience in cybersecurity, RMF, or a related field.
  • Familiarity with cloud security compliance requirements and configurations.
  • Strong analytical and problem-solving skills.


