Job DescriptionCSCI Consulting is seeking a mid-level
Information System Security Officer (ISSO) to support a Department of War mission environment. The ISSO will be responsible for maintaining the cybersecurity authorization posture of assigned information systems, supporting Risk Management Framework (RMF) activities, managing Authorization to Operate (ATO) packages, and ensuring ongoing compliance with DoD cybersecurity requirements.
In this role, you will partner cybersecurity engineers, system architects, operations teams, and government stakeholders to maintain secure, compliant, and mission-ready systems.
Responsibilities- Develop, maintain, and update System Security Plans (SSPs) for assigned systems
- Manage Plan of Action and Milestones (POA&M) activities from identification through remediation and closure
- Prepare, coordinate, and submit ATO packages
- Execute continuous monitoring activities in accordance with approved cybersecurity strategies
- Utilize Enterprise Mission Assurance Support Service (eMASS) to manage RMF workflows and compliance documentation.
- Coordinate with Information System Security Engineers (ISSEs), security operations personnel, and system owners to validate security control implementation
- Develop Security Assessment Plans (SAPs) and support Security Assessment Report (SAR) activities
- Assist with supply chain risk management documentation and assessments
- Support cybersecurity architecture and governance initiatives related to RMF implementation and continuous authorization efforts
- Maintain awareness of evolving DoD cybersecurity policies, directives, and security control requirements
Minimum Requirements- Active Secret Clearance (TS preferred)
- 3-5 years of cybersecurity, RMF, or information assurance experience supporting DoD or Federal systems
- Hands-on experience managing cybersecurity documentation and workflows within eMASS
- Strong understanding of DoD Risk Management Framework (RMF) processes
- Working knowledge of NIST SP 800-53 Rev. 5 security controls
- Experience independently authoring SSPs and managing POA&M remediation activities
- Strong written and verbal communication skills with the ability to interact effectively with technical and non-technical stakeholders
- Ability to manage multiple system authorizations and compliance activities simultaneously
- DoD 8140.03M DCWF Basic Tier Certification; CEH required
- Creativity and adaptability in problem-solving
- Ability to work with clients to understand their needs
- Strong organizational and time-management skills
- Excellent written and verbal communication skills
- Professional presence
Preferred Skills- Experience with eMASSer or similar RMF automation tools
- Experience supporting cloud, hybrid-cloud, or modernized DoD environments
- Familiarity with the DoD RMF Knowledge Service and continuous authorization concepts
- Experience supporting system accreditation efforts within large federal or defense programs
- Knowledge of cybersecurity governance, risk, and compliance (GRC) best practices
- One or more DoD 8140.03M DCWF Intermediate Tier certifications, including: Security+, Cloud+, PenTest+, GCIH, GCED, GCSA, GSEC, RCCE Level 1, CPTE, FITSP-A, CEH Practical (CEH-P)
- Bachelor's degree in one of the following fields: Computer Science, Cybersecurity, Information Systems, Information Technology, Software Engineering, Data Science, or a related technical discipline
- Ability to work in a team environment, as well as independently
- Strong customer and vendor relationship skills
- Demonstrated ability to comply with data standards and policies
- Motivation to learn new technologies and methodologies that demonstrate value
- Past experience working with a Federal agency
- Department of War experience is a plus!