ISSO-ACTIVE SECRET CLEARANCE REQUIRED

Primary Responsibilities:

• Serve as the lead security representative for system RMF lifecycle activities including control selection implementation testing and documentation.

• Develop review and maintain key RMF artifacts such as System Security Plans (SSPs) Security Assessment Reports (SARs) Contingency Plans (CPs) and POA&Ms.

• Ensure systems maintain a valid Authorization to Operate (ATO) through continuous monitoring vulnerability assessments and compliance reporting.

• Validate the implementation of security controls and document evidence in Enterprise Mission Assurance Support Service (eMASS).

• Collaborate with cybersecurity engineers auditors and control assessors to prepare for internal and external security audits and inspections.

• Analyze and respond to scan results SIEM alerts audit logs change management actions and potential cybersecurity incidents.

• Support the integration of security into DevSecOps pipelines ensuring secure configuration management patching and container security practices.

• Provide security engineering guidance to development and infrastructure teams in areas such as encryption access controls secure protocols and authentication methods.

• Lead the execution of cybersecurity training awareness initiatives and policy compliance briefings for staff and stakeholders.

• Identify assess and mitigate risks associated with system design implementation and operational posture.

• Provide oversight for managing privacy-related data insider threat indicators and incident handling workflows in accordance with federal mandates.

• All other duties as assigned by management.

Education/Experience Requirements:

• Bachelor’s or Associate's degree in Computer Science Math Information Technology Engineering or related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education.

• Minimum of six (6) years experience in information security/information assurance.

• Minimum of five (5) years of experience in the risk management framework.

• Hands-on experience with Active Directory Windows/UNIX systems and relational databases in secure environments.

• Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred.