Information System Security Officer (ISSO)
Huntsville AL - RemoteA Day in the Life of an Information System Security Officer:As an Information System Security Officer, you will be expected to manage and oversee the cybersecurity risk management lifecycle of mission-critical, life-safety information systems across the DoD environment.
Daily tasks are expected to include: - Ensure that systems comply with DoD 8500-series directives, NIST SP 800-53 controls, and other applicable federal security requirements.
- Monitor and enforce compliance with established security methodologies across all phases of system operations.
- Create and maintain comprehensive policies and procedures that detail security controls and system boundaries.
- Identify, document, and manage system vulnerabilities and mitigation strategies in POA&Ms.
- Act as a liaison between cybersecurity and technical teams to interpret and implement security controls effectively.
- Support engineering teams in ensuring that security requirements are appropriately addressed throughout the system lifecycle.
- Collaborate with Authorizing Officials (AOs), Security Control Assessors (SCAs), and other key personnel throughout the Assessment and Authorization (A&A) process.
- Participate in Security Control Assessments (SCAs), accreditation meetings, and compliance briefings.
- Prepare and submit required security documentation and artifacts for internal and external audits.
- On-call Support and Maintenance: Periodically, provide after-hours emergency support.
- Perform other tasks as directed.
This job is for you if you: - Enjoy managing system security and compliance in support of mission-critical environments.
- Possess a strong understanding of RMF and DoD cybersecurity policy (NIST SP 800-53, CNSSI 1253, DoDI 8510.01).
- Are a skilled communicator and can interface between technical staff and government stakeholders.
- Are highly organized and capable of maintaining comprehensive security documentation through various environments.
- Exhibit sound judgment and uphold high ethical standards.
- Work well in a team-based, geographically diverse environment.
- Can thrive in a fast-paced, ever-changing, scrum operations-based environment directly supporting our nation's public-safety infrastructure.
What we are expecting from you (i.e., the qualifications you must have): - Bachelor's degree in cybersecurity, information assurance, computer science, or a related field, with 5-8 years of experience in cybersecurity, information system security, or ISSO-related roles.
- Security+ certification is required; advanced certifications such as CISSP, CASP+, or CISM are strongly preferred.
- Demonstrated experience working within the Risk Management Framework (RMF), including control implementation, assessment, and authorization processes.
- Proficiency with key tools and platforms, including eMASS, STIGs/STIG Viewer, ACAS (Nessus/Tenable), and vulnerability scanning/assessment tools.
- Hands-on experience leading or supporting NIST SP 800-53 Rev 5 control implementation and tailoring activities to align with system requirements.
- Strong understanding of the Authorization to Operate (ATO) process, including the development and maintenance of Plan of Action and Milestones (POA&Ms) and other required RMF artifacts.
- In-depth knowledge of eMASS package creation and lifecycle management, from system inception through decommissioning, is highly desirable.
- Familiarity with FedRAMP controls and cloud security frameworks (AWS, Azure, or hybrid cloud environments) is a plus.
- Understanding of mobile system accreditation processes, including policies and compliance requirements, is a plus.
- Experience working with Computer-Aided Dispatch (CAD) systems or other mission critical operational technologies is a plus.
The physical and mental demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform these functions. - Ability to remain in a stationary position and operate a computer for extended periods.
- Occasional ability to move or transport items up to 25 pounds.
- Communicate effectively in English (verbal, written) and possess visual and auditory acuity for tasks and safety.
- Manage multiple tasks, prioritize, and maintain focus in dynamic environments.
- Demonstrate strong problem-solving, critical thinking, and analytical skills.
- Maintain consistent attendance, punctuality, and high professional standards.
Required Level of Security Clearance: NoneMust be a US Citizen and have the ability to obtain and maintain favorable adjudication for a Tier-1 or a National Agency Check Investigation (NACI)
Required Travel: 10%
#cjjobs
Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").
