Information Systems Security Officer (ISSO)

Location
Vicksburg, MS (Hybrid - within 1-hour commute required)

Brown Technologies is currently seeking an Information Systems Security Officer (ISSO) who is a self-starter supporting DoD cybersecurity compliance efforts and working closely with government stakeholders, system owners, engineers, and Information System Security Managers (ISSMs).

DESCRIPTION:

The Information Systems Security Officer (ISSO) supports cybersecurity compliance, authorization, and continuous monitoring of DoD information systems. The ISSO executes Risk Management Framework (RMF) activities, maintains system security documentation in eMASS, and ensures systems remain compliant with DoD cybersecurity requirements.

This role involves documenting and validating security control implementations, collecting supporting evidence, and coordinating with system administrators and engineers to ensure required controls are implemented and maintained. The ISSO plays a critical role in maintaining system authorization and supporting ongoing compliance efforts within dynamic DoD environments.

RESPONSIBILITIES:

Support cybersecurity compliance and authorization of assigned information systems in accordance with DoD RMF under ISSM direction.

Develop, update, and maintain RMF documentation including System Security Plans (SSP), Security Assessment Plans (SAP), Security Assessment Reports (SAR), Plans of Action and Milestones (POA&M), and Risk Assessment Reports (RAR).

Manage RMF activities within eMASS, including control implementation statements, artifact uploads, evidence tracking, POA&M management, and package status tracking.

Document and track NIST SP 800-53 security control implementations and prepare controls for validation and approval.

Collect, validate, and maintain control implementation evidence supporting authorization and continuous monitoring requirements.

Review and analyze vulnerability and compliance scan results, including ACAS/Nessus outputs, SCAP compliance results, and DISA STIG checklists.

Coordinate with system administrators and engineers to validate remediation actions and ensure findings are properly tracked in POA&Ms.

Support system authorization activities including preparation for assessments, coordination with assessment teams, and remediation tracking.

Perform continuous monitoring activities such as vulnerability tracking, configuration compliance checks, periodic control validation, and audit log coordination.

Evaluate the security impact of system changes and update RMF documentation accordingly.

Ensure compliance with DoD cybersecurity policies including DoDI 8510.01, NIST SP 800-53, and DISA STIGs.

Provide cybersecurity guidance to system owners and technical teams.

Develop and maintain compliance reporting including POA&M status, remediation progress, and authorization timelines.

Additional Duties:

Assist with control inheritance and system boundary documentation.

Support audit readiness and participate in internal or external security assessments.

Provide input to improve RMF processes and documentation quality.

Collaborate across teams to ensure alignment of cybersecurity requirements and implementation efforts.

QUALIFICATIONS:

Required:

U.S. Citizen with the ability to obtain a Secret Clearance

Minimum of three (3) years of cybersecurity or information assurance experience supporting DoD systems.

Hands-on experience executing RMF activities and managing authorization packages within eMASS or similar systems.

Working knowledge of NIST SP 800-53 security controls and the DoD RMF lifecycle.

Experience supporting vulnerability management processes including ACAS/Nessus, SCAP tools, and DISA STIGs.

Experience developing and maintaining RMF documentation such as SSPs, POA&Ms, SAPs, and SARs.

Strong organizational and documentation skills.

Ability to communicate cybersecurity requirements effectively to technical and non-technical stakeholders.

Ability to manage multiple systems and competing priorities.

DoD 8140 / 8570 compliant certification (e.g., Security+ CE, CISSP, CASP).

Preferred:

U.S. Citizen and active Secret Clearance

Experience with enterprise architectures or shared services environments.

Familiarity with control inheritance, system boundaries, and architecture documentation.

Experience supporting security assessments (SCA/SCA-V or internal teams).

Familiarity with SIEM tools, audit log review processes, and endpoint security solutions.

Experience with Tenable ACAS.

Understanding of FedRAMP or CNSSI 1253 security control baselines.

Benefits of working at Brown Technologies Incorporated

Brown is proud to support the health and wellbeing of the people we employ. We offer a competitive, comprehensive benefits package that includes healthcare coverage, flexible spending accounts, 401(k) retirement plan with employer match, accrued paid time off, company-provided life insurance and disability coverage, an employee assistance program, professional development such as tuition reimbursement, and other benefits that support work-life balance. We are an employee-centric company that understands the individuals that comprise our workforce are our most important asset and are recognized as one of "The Best Place for Working Parents" in Huntsville, AL.

Benefits may vary based on status, but the majority of our positions include the following:

Competitive Wages*
Medical, Rx, Dental & Vision Insurance
Medical plan with Health Savings Account eligibility
Company-funded Life, Short-Term & Long-Term Disability Insurance
Personal Time Off and Paid Holidays
401(k) Retirement Plan
Flexible Spending Accounts
Tuition Reimbursement

*Final compensation for this position is determined by factors such as responsibilities of the job, education, experience, certifications, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.