Modern Technology Solutions Inc. is seeking an experienced Information Systems Security Officer (ISSO) to lead cybersecurity efforts for an AFLCMC program office. This role focuses on ensuring compliance with laws, regulations, and security requirements while implementing strategic and technical cybersecurity solutions. Responsibilities include assessing system confidentiality, integrity, and availability, evaluating threats and vulnerabilities, developing Plans of Action and Milestones (POA&M), and submitting authorization packages. Additionally, the ISSO will collaborate with development teams to design, integrate, and enhance information systems while recommending mitigation strategies for emerging security challenges. The ideal candidate will bring expertise in the Risk Management Framework (RMF), system administration, and program management. This hybrid position requires managing systems at the Secret, SCI, and SAP levels while balancing strategic governance and hands-on technical maintenance. The candidate must effectively engage with stakeholders ranging from end-users to Authorizing Officials (AO) while maintaining a resilient cybersecurity posture in response to evolving threats.
Responsibilities:
• Security Policy Implementation: Develop, implement, and enforce security policies, standards, and procedures to ensure the protection of information systems.
• Configuration Management: Ensure that all information systems are configured securely according to organizational policies and best practices.
• System Patching: Perform system patching in response to IAVAs and other security findings and requirements
• Risk Management: Conduct risk assessments to identify and mitigate potential security threats. Assess the impact of changes in the IT environment and update the risk management framework accordingly.
• Security Compliance: Ensure that information systems comply with relevant government and industry standards, such as NIST, FISMA, and DoD regulations. Prepare and maintain documentation to demonstrate compliance.
• Continuous Monitoring: Implement continuous monitoring processes to detect and respond to security vulnerabilities and threats. Utilize tools like SIEM (Security Information and Event Management) to monitor system activities.
• Security Audits: Conduct regular security audits and assessments to evaluate the effectiveness of security measures and identify areas for improvement.
• Collaboration: Work closely with other IT and security professionals to ensure a coordinated approach to cybersecurity. Liaise with external stakeholders, such as auditors and regulatory bodies, as needed.
• Documentation: Maintain comprehensive documentation of security policies, procedures, and measures taken to secure information systems. Prepare reports for management on security status and incidents.
• Security Enhancements: Recommend and implement security enhancements to improve the overall security posture of the organization. Stay updated with the latest security trends and technologies.
• Oversee the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific job.
Qualifications:
• Security Clearance:
o Must be a U.S. Citizen
o Active Top-Secret Security Clearance with ability to obtain SCI
• Certifications and Technical Expertise/Experience:
o Certifications required: COMPTIA Security + / CISSP
o DESIRED AWS certification (e.g., AWS Solutions Architect Associate or Professional)
• Education:
o A Master of Arts/Master of Science/Master of Engineering MA/MS/ME degree
o Years of experience may be considered in lieu of a master's degree
• Experience:
o Possess 10+ years of relevant work experience
o Minimum of 2-5 years of experience in ISSO roles
o Have no less than three (3) years' experience in a Special Access Program (SAP) and/or Sensitive Compartmented Information (SCI) environment within the last five (5) years
o Proficiency in using security tools and technologies, such as firewalls, intrusion detection/prevention systems, SIEM, and endpoint protection.
o Knowledge of network security, application security, and endpoint security principles.
o Understanding of operating systems (Windows, Linux, etc.) and their security configurations.
o Familiarity with cloud security best practices
o Familiarity with RMF process
o Experience with Spunk or other similar applications
o Experience with security compliance and regulatory requirements.
o Strong analytical and problem-solving abilities.
o Capability to analyze complex security issues and develop practical solutions.
o Excellent written and verbal communication skills.
o Ability to effectively communicate technical information to non-technical stakeholders
o Experience working in a DoD program or product acquisition office or environment
• Technical Expertise:
o Proficiency with Windows, Linux, and/or VMware administration.
o Knowledge of network security principles and tools.
o Experience with DISA STIG implementation, RMF compliance processes, and vulnerability assessment tools (Nessus, Splunk, HBSS).
• Desired Qualifications:
o In-depth experience supporting government environments, especially within the DoD.
o Advanced scripting skills for task automation (e.g., PowerShell, Python).
o Ability to multitask, prioritize, and manage time efficiently
o Experience working in a DoD program or product acquisition office or environment
#LI-HP1
#MTSI-Jobs
