Position: Information Systems Security Officer (ISSO)
Level: Mid to Senior
Location: San Diego, CA (Hybrid/Remote Considered)
Telework: Hybrid remote/onsite, with typical set schedule at Government facility
Travel: Less than 10%
Salary: $95,000-$141,000, depending on experience, clearance, certifications, and contract requirements
Responsibilities of this position include, but are not limited to:
- Support Risk Management Framework (RMF), Assessment & Authorization (A&A), and Authorization to Operate (ATO) activities for Navy/DoD information systems.
- Develop, review, maintain, and update cybersecurity documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action & Milestones (POA&Ms), Security Categorization documentation, Privacy Impact Assessments, and related A&A artifacts.
- Support continuous monitoring, annual security reviews, control validation, and audit-readiness activities.
- Coordinate with system owners, engineers, administrators, Security Control Assessors, Authorizing Officials, and other stakeholders to support cybersecurity compliance and risk management.
- Track, document, and support remediation of vulnerabilities, STIG findings, POA&M items, and other cybersecurity risks.
- Use cybersecurity and information assurance tools such as eMASS, ACAS/Nessus, STIG Viewer, and related DoD/Navy systems as required.
- Support configuration management and baseline change activities to ensure cybersecurity impacts are identified, documented, and addressed.
- Assist with cybersecurity inputs for system changes, boundary updates, hardware/software lists, network diagrams, and authorization packages.
- Maintain awareness of applicable DoD, Navy, and federal cybersecurity policies, including RMF, NIST SP 800-53, DoDI 8510.01, and DoD 8140/8570 workforce requirements.
Required Qualifications:
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, Mathematics, Business, Management, or a related technical or managerial field preferred. Additional relevant cybersecurity, military, Navy, RMF, A&A, or information assurance experience may be considered in lieu of degree.
- 3-10 years of practical experience in cybersecurity, information assurance, engineering, test and evaluation, RMF, A&A, C&A, or related information system security support.
- Experience supporting RMF, A&A, ATO lifecycle, cybersecurity compliance, or Navy/DoD information system security activities.
- Experience preparing, maintaining, or reviewing cybersecurity artifacts and compliance documentation in support of ATO requirements.
- Experience with Information Assurance tools such as eMASS and ACAS/Nessus.
- Working knowledge of RMF, ATO requirements, POA&M tracking, vulnerability management, security controls, and information system security posture maintenance.
- Active U.S. Secret clearance preferred; ability to obtain and maintain required clearance is required.
- Strong written and verbal communication skills, with the ability to coordinate across technical teams, Government stakeholders, and program leadership.
Preferred Qualifications:
- Prior experience supporting PMW/A 170, PEO C4I, NAVWAR, NIWC, Navy PNT systems, or other Navy C4I/cybersecurity programs.
- Current DoD 8140/8570-compliant certification such as Security+, CAP, CASP+, CISSP, CISM, GSLC, or equivalent.
- Experience supporting classified and/or mission-critical Navy or DoD systems.
- Experience with POA&M management, vulnerability remediation coordination, annual security reviews, continuous monitoring, and ATO sustainment.
- Familiarity with CYBERSAFE, Cross Domain Solution documentation, Navy authorization packages, or Security Control Assessor coordination.
- Experience supporting system boundary validation, hardware/software baselines, configuration control, or Baseline Change Requests.
Please note: This position is contingent upon contract award and Government approval. XSITE is proactively building its candidate pipeline for an anticipated award expected within the next few weeks.