Description: NSI requires a Journeyman Information Systems Security Officer (ISSO) to support the IS3 Team. The ISSO Journeyman supports and advances the organization's Cyber security and compliance program by maintaining security documentation, monitoring controls, and independently managing key aspects of CMMC Level 2 and NIST SP 800-171 compliance within a GCC-High environment. This role operates across Microsoft 365 GCC High, Azure Government, Intune, Defender, and related tooling to implement, validate, and enhance security controls. The ISSO Journeyman is suited for security professionals looking to grow beyond foundational tasks into deeper governance, risk, and compliance responsibilities within a defense contractor environment.

Responsibilities:
• Assist with maintaining and updating documentation required for CMMC and NIST SP 800-171 compliance, including SSPs, POA&Ms, policies, and procedures
• Conduct ongoing control monitoring activities, including evidence collection, weekly/monthly checks, and review of audit logs
• Support vulnerability management efforts by reviewing scans, tracking remediation, and validating closure of findings
• Participate in internal readiness assessments for CMMC Level 2 and NIST SP 800-171 compliance
• Conduct risk assessments, gap analyses, and security impact assessments related to changes affecting O365 GCC High, Azure Gov, Intune-managed endpoints, and hybrid/on-prem systems
• Contribute to continuous improvement of compliance processes, evidence management, automation, and security documentation
• Maintain asset inventories, access control records, and configuration management documentation
• Assist with preparation for third party assessments, customer audits, and internal security reviews
• Contribute to incident response documentation, evidence gathering, and post incident reporting
• Review security alerts and escalate potential issues as appropriate
• Support incident response activities, including triage, impact analysis, root cause evaluation, and corrective action planning
• Support security awareness and training initiatives, including rollout and tracking
• Collaborate with IT, system owners, and engineering teams to ensure security requirements are understood and implemented
• Stay up to date on changes to CMMC, NIST guidance, and DoD Cyber security requirements

Azure / Network Security / Boundary Management
• Conduct full Network Security Group (NSG) exposure reviews, analyze rule sets, identify misconfigurations, and recommend remediation
• Verify Azure public-facing assets, evaluate exposure points, and validate alignment with CMMC L2 requirements
• Perform detailed NSG rule analysis using Azure Gov tools, documenting risks and corrective actions
• Perform full STAC VPN architecture assessments including licensing review, EMS/Entra considerations, and authentication model analysis
• Maintain and update VPN boundary documentation and baseline configuration records

Operational Cyber security Duties
• Manage all Cyber security/IT tickets (excluding phishing/junk), coordinating escalations as needed
• Support the Risk Management Board by preparing quarterly materials, collecting evidence, and assisting with risk updates/action tracking
• Tune AI-driven Cyber security alerts on a recurring basis, updating suppression rules and thresholds
• Test new Microsoft Purview features, document findings, and provide implementation recommendations
• Research new Defender and Purview capabilities, evaluate applicability, and recommend adoption priorities
• Perform daily Action Center monitoring, update item owners, and track response actions
• Conduct continuous Log4j monitoring and maintain reporting for vulnerable components
• Test and validate updated Outlook OWA policies during rollout, identifying issues or inconsistencies
• Support sensitivity labeling rollout by validating scoping, accuracy, and policy governance

Documentation & Governance
• Maintain stewardship of the Incident Response Plan (IRP), including periodic updates, evidence hygiene, artifact organization, and version control

Location: Lexington Park, MD

Education: Bachelor's degree in Cyber security, Information Systems, Computer Science, or equivalent experience.

Certifications: Must hold a DoD-approved IAT II Certification, such as CompTIA Security+, or an equivalent/higher certification (e.g., CySA+, CCNA Security, GSEC, CAP, etc.)

Experience: At least 5+ years of experience in Cyber security, compliance, audit, risk management, or IT operations. Basic understanding of Cyber security concepts, networking fundamentals, and system administration. Familiarity with NIST SP 800-171, CMMC, or related compliance frameworks. Hands-on exposure to CMMC or NIST SP 800-171 programs. Familiarity with vulnerability management tools, SIEM platforms, or GRC solutions.

Security Clearance: Secret Clearance is required. Must be a U.S. citizen.

Special Notes/Instructions: NSI is a privately held, small but quickly growing company with headquarters in Lexington Park, Maryland within 5 miles of the Patuxent River Naval Air Station. Established in 2004, we are now celebrating 22 years of excellence in providing quality products and services to the Department of Defense. Our benefits package includes medical, dental, vision, Long Term Disability, Life Insurance, Short Term Disability, paid time off, paid holidays, flexible spending account, employee assistance program, tuition assistance program, 401k Plan with company match as well as a fun and enthusiastic work environment!

To Apply: NSI offers a team-oriented work environment and a competitive compensation and employee benefits package. If you have a commitment to excellence and want to join our team of top caliber professionals, we invite you to submit your resume electronically by visiting our careers website at: https://n-s-i.us/careers/apply/.

Quality, Integrity, Teamwork, Success - that's NSI!