Information Systems Security Officer (ISSO)

Apavo Corporation

$90K — $130K *
Aerospace & Defense
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, IT, or related field with 5-7+ years of ISSO or senior DoD RMF compliance experience.
  • Active Top Secret clearance with SCI eligibility, willing to undergo CI or Full-Scope Polygraph for SAP readiness.
  • DoD 8570.01-M compliant for IAM Level II/III (e.g., CAP, CISM, CASP+ CE, CISSP).
  • Hands-on experience with ACAS (Nessus/Tenable.sc) for executing scans and interpreting vulnerability data.
  • Expert-level knowledge of DoD RMF and NIST standards (SP 800-53/800-37/800-171) and DISA STIG implementation.
  • Proven skills managing ATO artifacts in eMASS or Xacta, and experience with compliance tooling.
  • Strong written and verbal communication skills with the ability to liaise between security and R&D teams.

Responsibilities

  • Develop and oversee RMF authorization packages within systems of record.
  • Execute ACAS scans and analyze results to identify vulnerabilities and assess risk.
  • Translate ACAS scan results into actionable remediation strategies, collaborating with system admins and researchers.
  • Implement continuous monitoring strategies, reviewing dashboards and logs for ongoing compliance.
  • Facilitate secure data transfers and compliance validation for classified DARPA enclaves.
  • Conduct routine compliance checks and support third-party assessments for ATO validation.
  • Coordinate with ISSM and incident response teams to investigate security anomalies.

Benefits

  • Supportive work environment in cutting-edge projects within DARPA.
  • Opportunity to work with advanced and classified IT systems.
  • Gain experience in a unique multi-enclave security operations setting.
  • Engagement with both technical and research teams on compliance initiatives.
  • Professional development through challenging responsibilities and exposure to various tools and frameworks.
Full Job Description
Job Title: Information System Security Officer (ISSO)

Location: On-Site in Arlington, VA

Department: Cyber Security Services

Reports To: Management

FLSA Status: Full Time/Non-exempt

Description:

The Information Systems Security Officer (ISSO) ensures the secure operation of complex, multi-enclave IT and Research & Development (R&D) systems in support of the Defense Advanced Research Projects Agency (DARPA). Operating across all classification levels (Unclassified, Secret, TS/SCI, and Special Access Programs), the ISSO serves as the principal advisor to Information System Owners regarding security posture. This role requires a "hands-on" governance approach, heavily utilizing the Assured Compliance Assessment Solution (ACAS) and standard DoD tooling to drive Continuous Monitoring (ConMon), validate compliance, and maintain active Authority to Operate (ATO) statuses without disrupting critical experimental research.

Duties & Responsibilities:

ISSO responsibilities include, but are not limited to:

RMF Lifecycle Management: Develop, maintain, and oversee RMF authorization packages (SSP, SAR, RAR, SAP, and POA&M) within systems of record (e.g., eMASS, Xacta) for standard enterprise and non-standard DARPA research environments.

ACAS Operations & Vulnerability Management: Execute credentialed and non-credentialed ACAS (Tenable.sc / Nessus) scans across connected and air-gapped networks. Analyze scan results to identify vulnerabilities, assess risk, and validate compliance against DoD baselines.

POA&M & Remediation Advisory: Translate complex ACAS scan results and DISA STIG findings into actionable mitigation strategies. Work directly with systems administrators and researchers to remediate vulnerabilities, track progress, and close POA&M items.

Continuous Monitoring (ConMon): Implement and oversee ConMon strategies. Review ACAS dashboards, audit logs (e.g., Splunk, Elastic), and system configurations to ensure ongoing compliance with NIST SP 800-53 controls.

Air-Gapped & Multi-Enclave Support: Facilitate secure data transfers, manual ACAS plugin/feed updates, and compliance validation for isolated, disconnected, and highly classified DARPA enclaves.

Security Assessments: Conduct routine compliance checks using SCC, STIG Viewer, and Evaluate-STIG. Support independent third-party assessments (e.g., CCRI) and ATO control validations.

Incident Handling: Coordinate with the Information Systems Security Manager (ISSM) and incident response teams to investigate security anomalies, audit anomalies, or classified data spillages.

Other

This is typical office or administrative work, and there is no exposure to adverse environmental conditions.

This position requires sedentary work. Sedentary work is defined as: Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.

Requirements

Qualifications:
  • Education/Experience: Bachelor's degree in Cybersecurity, Information Technology, or related field (or equivalent experience) with 5-7+ years of experience acting as an ISSO or in a senior DoD RMF compliance role.
  • Clearance: Active Top Secret clearance with SCI eligibility. (Willingness to undergo a Counterintelligence (CI) or Full-Scope Polygraph for SAP readiness is highly preferred).
  • DoD Directive: DoD 8570.01-M / 8140.03 compliant for IAM Level II or III (e.g., CAP, CISM, CASP+ CE, CISSP).
  • ACAS Proficiency: Hands-on experience executing scans, interpreting vulnerability data, and managing asset lists in ACAS (Nessus / Tenable.sc). A current DISA ACAS Operator/Admin training certificate is highly desired.
  • Framework Knowledge: Expert-level understanding of DoD RMF (DoDI 8510.01), NIST SP 800-53/800-37/800-171, and DISA STIG implementation.
  • Tooling: Proven experience managing ATO artifacts in eMASS or Xacta. Proficient with SCC, STIG Viewer, and interpreting IAVA/IAVM notices.
  • Communication: Exceptional written and verbal communication skills. Ability to act as a security liaison, balancing strict DoD compliance requirements with DARPA's flexible, fast-paced R&D mission needs.

Similar Jobs

More Jobs at Apavo Corporation

More Aerospace & Defense Jobs

Find similar Information Systems Security Officer (ISSO) jobs: