Junior Information System Security Officer - Isso

Junior Information System Security Officer – Isso

Bachelor’s degree in Cybersecurity, Information Technology, or a related field. In lieu of a degree, a minimum of two (2) years of hands-on relevant experience is required.
2 years of hands-on experience in Governance Risk and Compliance and the RMF process.
Proficient with Federal policies, program standards, and NIST Special Publications guidelines to include but not limited to such as NIST SP 800-53, 800-37, 800-137.
Experience supporting system security documentation, control assessments, and ATO or ATT packages for low to moderate-impact systems.
Proficient on how to use various security tools, such as but not limited to: JCAM (or an equivalent GRC tool), Tenable, BigFix, and Splunk (or SIEM), and/or equivalent.
Familiarity with tools such as JCAM and common security documentation templates.
Exposure to POA&M tracking, audit support, and vulnerability scanning processes.
Ability to draft and maintain basic cybersecurity documentation (e.g., SSP, CMP, IRP).
Detail-oriented with solid organizational and documentation skills.
Ability to brief technical content to non-technical leadership.
Proficient in Microsoft Office Suite (Word, Excel, PowerPoint).
Ability to obtain Public Trust clearance; Secret clearance strongly preferred.

Support the development and maintenance of ATO/ATT documentation for low to moderate-impact systems.
Assist with system security assessments and control evaluations under the Risk Management Framework (RMF).
Maintain security artifacts and documentation in JCAM.
Conduct biweekly reviews of system logs and vulnerability scan results.
Track and manage POA&Ms in coordination with senior ISSOs and system owners.
Participate in continuous monitoring, training exercises, and contingency planning events.
Ensure compliance with cybersecurity policies and NIST SP 800-53 control.