Information System Security Officer – Isso

Information System Security Officer – Isso

Requirements

• An active TS/SCI with Poly.
• BS/BA or equivalent experience and a minimum 7 yrs. related work.
• 2-5 years of experience in information security, with a focus on continuous monitoring and RMF.
• Relevant certifications such as Security+, CISSP, CISM, or CAP.
• Strong knowledge of NIST SP 800 series publications, particularly SP 800-37, SP 800-53, and SP 800-137.
• Familiarity with Federal information security regulations and guidelines (e.g., FISMA, FedRAMP).
• Experience with security tools such as vulnerability scanners, SIEM systems, and GRC platforms.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Ability to work effectively in a team environment and collaborate with various stakeholders.

Responsibilities

• Implement and maintain a Continuous Monitoring program aligned with RMF and NIST SP 800-137 guidelines.
• Conduct regular security assessments and vulnerability scans of information systems.
• Monitor security controls and their effectiveness in real-time.
• Analyze security-related information to identify trends and potential threats.
• Prepare and maintain documentation for security status reporting.
• Collaborate with system owners and other stakeholders to address security findings and implement remediation plans.
• Assist in the development and updating of System Security Plans (SSPs) and other RMF documentation.
• Support the Authorization to Operate (ATO) process for information systems.
• Stay current with evolving cybersecurity threats, technologies, and compliance requirements.
• Participate in incident response activities as needed.

Preferred Qualifications

• Experience working in a government or government contractor environment.
• Familiarity with automation tools for continuous monitoring processes.
• Tenable experience.
• Experience with Splunk.
• Qmulos Q-Audit experience.