Information System Security Officer (ISSO)
Location: Gaithersburg, MD
Required Clearance: TS/SCI with Polygraph
Employment Type: Full-Time Regular
Shift: Day
Travel: No
Relocation Assistance: Yes
Position Overview
Ennoble First is seeking an Information System Security Officer (ISSO) to support mission-critical intelligence systems within the Analysis Sustainment portfolio. The ISSO will be responsible for managing authorizations and risks related to the processing, storage, and transmission of information while ensuring compliance with government and corporate cybersecurity requirements.
The ISSO will support Assessment and Authorization (A&A) activities, vulnerability management, continuous monitoring, security documentation, and risk mitigation efforts while partnering with system owners, administrators, engineers, and government stakeholders to maintain the security posture of critical mission systems.
Primary Responsibilities
- Develops risk mitigation strategies that contribute to the effectiveness, efficiency, and performance outcomes of strategic projects, program goals, and business processes.
- Must be able to respond quickly to the need for updates and maintenance of security documentation, especially System Security Plans, Plans of Action and Milestones (POA&Ms), Security Impact Assessments for proposed system changes, and Concepts of Operations that identify and explain how each system satisfies its assigned security control baseline.
- Maintains system security plans and related configuration records in customer Service+ (ServiceNow), XACTA-360 platform, and security management tools.
- Drives necessary security changes through steering groups and control review boards to meet Risk Management milestones.
- Can work independently as well as collaboratively to drive security process improvements, especially to address gaps in meeting customer security requirements and due diligence responsibilities.
- Provides guidance and engages technical teams to implement secure software and hardware processes, government security standards, and industry security best practices.
- Resolves highly complex security problems by applying technical knowledge, conceptualizing, reasoning, and interpretation of requirements.
- Communicates with program leadership and customer stakeholders regarding matters of significant importance to the organization and project.
- Applies in-depth understanding of information security principles, theories, concepts, and their application across a range of programs.
- Develops and maintains security documentation in accordance with NGA, Intelligence Community, DoD, DISA, NIST, and industry standards.
- Initiates and coordinates Assessment and Authorization (A&A) and renewal activities with Designated Authorizing Officials and supporting organizations.
- Addresses Information Assurance and Cybersecurity notices, orders, taskings, and directives in accordance with vulnerability and patch management processes.
- Measures effectiveness of defense-in-depth architectures and Zero Trust implementations against known vulnerabilities.
- Performs security audits and assessments, including creation, tracking, and remediation support for POA&Ms.
- Coordinates with System Administrators and technical teams to remediate vulnerabilities, track findings, and document mitigation activities.
- Updates Security CONOPS and Information Technology Disaster Recovery (ITDR) plans.
- Manages security profiles and implementation activities for systems and services scheduled for Assessment and Authorization.
- Works closely with Systems Engineers, Administrators, ISSMs, security teams, and stakeholders to maintain security plans and associated documentation.
- Maintains records and documentation related to system upgrades, patches, and connectivity configurations.
- Evaluates security solutions and implementation strategies while maintaining the operational security posture of development, integration, and deployed capabilities.
- Provides training and approves user access and identification, authorization, and authentication mechanisms for information systems.
Required Qualifications
- BS degree and 8 to 12 years of prior relevant experience to operate within the scope of responsibilities.
- Active TS-SCI clearance with Polygraph.
- Experience that demonstrates an understanding and application of the ICD-503 and NIST risk management framework.
- Experience developing, maintaining, and updating RMF security documentation including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Security Impact Assessments (SIAs), Concepts of Operations (CONOPS), and Assessment & Authorization (A&A) artifacts.
- Experience supporting system accreditation activities, security control assessments, continuous monitoring, vulnerability remediation, and authorization efforts within NIST RMF and/or ICD-503 environments.
- Experience desired with the following systems/platforms/tools: XACTA, XACTA 360 (preferred), HBSS, ACAS, Nessus, Splunk.
Preferred Qualifications
- NGA experience desired.
- Has 3+ years of experience operating, analyzing, and resolving vulnerability scan results using tools such as Nessus, Tenable Security Center, or a comparable commercial or GOTS product.
- Active Certified Information Systems Security Professional (CISSP) certification or ISACA Certified Information Security Manager (CISM) certification.
- Intelligence Community experience preferred.
Pay Range
$135,000-$160,000
The Ennoble First pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.