Job Title: Information System Security Officer (ISSO)Location: On-Site in Arlington, VA
Department: Cyber Security Services
Reports To: Management
FLSA Status: Full Time/Non-exempt
Description:
The Information Systems Security Officer (ISSO) ensures the secure operation of complex, multi-enclave IT and Research & Development (R&D) systems in support of the Defense Advanced Research Projects Agency (DARPA). Operating across all classification levels (Unclassified, Secret, TS/SCI, and Special Access Programs), the ISSO serves as the principal advisor to Information System Owners regarding security posture. This role requires a "hands-on" governance approach, heavily utilizing the Assured Compliance Assessment Solution (ACAS) and standard DoD tooling to drive Continuous Monitoring (ConMon), validate compliance, and maintain active Authority to Operate (ATO) statuses without disrupting critical experimental research.
Duties & Responsibilities:ISSO responsibilities include, but are not limited to:
RMF Lifecycle Management: Develop, maintain, and oversee RMF authorization packages (SSP, SAR, RAR, SAP, and POA&M) within systems of record (e.g., eMASS, Xacta) for standard enterprise and non-standard DARPA research environments.
ACAS Operations & Vulnerability Management: Execute credentialed and non-credentialed ACAS (Tenable.sc / Nessus) scans across connected and air-gapped networks. Analyze scan results to identify vulnerabilities, assess risk, and validate compliance against DoD baselines.
POA&M & Remediation Advisory: Translate complex ACAS scan results and DISA STIG findings into actionable mitigation strategies. Work directly with systems administrators and researchers to remediate vulnerabilities, track progress, and close POA&M items.
Continuous Monitoring (ConMon): Implement and oversee ConMon strategies. Review ACAS dashboards, audit logs (e.g., Splunk, Elastic), and system configurations to ensure ongoing compliance with NIST SP 800-53 controls.
Air-Gapped & Multi-Enclave Support: Facilitate secure data transfers, manual ACAS plugin/feed updates, and compliance validation for isolated, disconnected, and highly classified DARPA enclaves.
Security Assessments: Conduct routine compliance checks using SCC, STIG Viewer, and Evaluate-STIG. Support independent third-party assessments (e.g., CCRI) and ATO control validations.
Incident Handling: Coordinate with the Information Systems Security Manager (ISSM) and incident response teams to investigate security anomalies, audit anomalies, or classified data spillages.
OtherThis is typical office or administrative work, and there is no exposure to adverse environmental conditions.
This position requires sedentary work. Sedentary work is defined as: Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.
Requirements
Qualifications:- Education/Experience: Bachelor's degree in Cybersecurity, Information Technology, or related field (or equivalent experience) with 5-7+ years of experience acting as an ISSO or in a senior DoD RMF compliance role.
- Clearance: Active Top Secret clearance with SCI eligibility. (Willingness to undergo a Counterintelligence (CI) or Full-Scope Polygraph for SAP readiness is highly preferred).
- DoD Directive: DoD 8570.01-M / 8140.03 compliant for IAM Level II or III (e.g., CAP, CISM, CASP+ CE, CISSP).
- ACAS Proficiency: Hands-on experience executing scans, interpreting vulnerability data, and managing asset lists in ACAS (Nessus / Tenable.sc). A current DISA ACAS Operator/Admin training certificate is highly desired.
- Framework Knowledge: Expert-level understanding of DoD RMF (DoDI 8510.01), NIST SP 800-53/800-37/800-171, and DISA STIG implementation.
- Tooling: Proven experience managing ATO artifacts in eMASS or Xacta. Proficient with SCC, STIG Viewer, and interpreting IAVA/IAVM notices.
- Communication: Exceptional written and verbal communication skills. Ability to act as a security liaison, balancing strict DoD compliance requirements with DARPA's flexible, fast-paced R&D mission needs.