
Mid-Level Information System Security Officer – ISSO

Company: AnaVation LLC
Location: Washington, DC, USA
Salary: Not Provided
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Mid Level

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or a minimum of four (4) years of hands-on relevant experience in lieu of a degree)
  • 4 years of hands-on experience in cybersecurity
  • Minimum of four (4) years of hands-on experience in cybersecurity and knowledge of Governance Risk and Compliance with at least one (1) year maintaining an Authorization to Operate (ATO) for a moderate or high-impact federal information system
  • Strong working knowledge of Federal policies, program standards, and NIST Special Publications guidelines including NIST SP 800-53, 800-37, 800-137
  • Experience drafting, reviewing, and maintaining system security documentation (e.g., SSP, CMP, POA&M, IRP)
  • Proficient in using various security tools, such as JCAM (or an equivalent GRC tool), Tenable, BigFix, and Splunk (or SIEM)
  • Strong communication, writing, and presentation skills to brief senior leadership
  • Familiarity with vulnerability scanning tools and interpreting results (e.g., Tenable Nessus, Splunk)
  • Must possess at least one of the following certifications: CISSP, CISM, CGRC, CRISC, ISSMP, CISA, CCSP, CEH, CompTIA Security+, PMP
  • Ability to obtain Public Trust clearance; Secret clearance strongly preferred.

Responsibilities

  • Support the maintenance of security documentation and support system ATO and ATT efforts
  • Conduct security control assessments and provide recommendations for remediation
  • Perform biweekly audit log and vulnerability scan reviews and track POA&M items
  • Collaborate with system owners and technical teams to manage risk and respond to incidents
  • Support Ongoing Authorization (OA) and continuous monitoring activities
  • Prepare and brief senior leadership on system security posture and compliance metrics
  • Ensure alignment with DOJ cybersecurity policies and NIST SP 800-53, 800-37, and 800-137.

Preferred Qualifications

    No preferred qualifications provided.