Information System Security Officer (ISSO)
Suitland, MD, United States
Full Time Senior-level / Expert USD 130K - 165K
Tyto Athene
Tyto Athene delivers secure, mission-critical solutions that empower agencies to modernize networks, enhance cybersecurity, and achieve information dominance. Tyto Athene is searching for an Information System Security Officer to support a Government Program Management Office in Suitland, MD.
Responsibilities:
- Work location is 100% on government site.
- Provide cybersecurity engineering support as part of the system development life cycle (SDLC). Ensure security requirements are integrated into the system architecture, design, development, testing, assessment, authorization, delivery, and sustainment.
- Apply the cybersecurity risk management framework (RMF) to program information systems in accordance with NIST SP 800-37, DoDI 8510.01, and ICD-503. Implement the RMF life cycle steps to achieve system authorization and operation. Build, maintain, and track system’s cybersecurity baselines and security authorization documentation using both eMASS and Xacta enterprise platforms.
- Provide support to cybersecurity architecture and assessment & authorization (A&A) processes, ultimately leading to Authority to Operate (ATO) decision.
- Identify and employ cybersecurity best practices for the organization. Create a well-informed plan based on DOD and Navy cybersecurity strategy and manage the adaption process. Incorporate security management into hardware, software, and applications.
- Assist Government managers with information security oversight, policy analysis, IT product acquisition, and program execution in accordance with NIST SP 800-39 and the DoDI 8500.01.
- Engage with Program Managers and technical stakeholders to interpret technical requirements, standards/policies, architectural artifacts, budget development, implementation, auditing, program briefs, and continuous monitoring.
- Perform ACAS scanning, STIG checklist actions, vulnerability assessment/mitigation, implement changes, and review systems to identify potential security weaknesses.
- Prepare documentation including Plan of Action & Milestones (POA&M), Systems Security Plans (SSP), Risk Assessment Reports (RAR), A&A packages, System Requirements Traceability Matrices (SRTM), Annual Security Reviews (ASR), and Security Assessment Reports (SAR).
Required:
- Bachelor’s Degree in computer science, cyber security, information systems, or other related technical discipline.
- Six (6) or more years of experience in IT security, including RMF methodology and A&A.
- Active DoD Cyber Workforce IAT Level II certification as a minimum, with specific course completion or renewal certificate.
- Exceptional understanding of DOD cybersecurity policies, RMF steps and structure, A&A process, and gaining system authorization to operate (ATO).
- Some background with Red Hat Enterprise Linux (RHEL) operating system.
- Ability to operate and execute DISA tools, STIG Viewer, eMASSter, and strong familiarity with eMASS and Xacta functionality.
- Strong communication skills with all levels of the IT workforce and the ability to translate complex technical topics for senior decision-makers. Prepare/deliver presentations to leadership.
- Desired Other IT Certifications: CISSP, CISA, SSCP, CASP, GSEC, and/or CEH
Clearance:
- Active TS clearance with access to SCI as reported in DISS (must have current Tier-5)
Compensation:
- Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically $130K-$165K. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.
Benefits:
- Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and maternity/paternity leave.
Tags: ACAS Audits CASP+ CEH CISA CISSP Clearance Cloud Computer Science DISA DoD eMASS GSEC Linux Monitoring NIST POA&M Red Hat Risk assessment Risk Assessment Report Risk management RMF SDLC Security assessment Security Assessment Report SRTM SSCP Strategy System Security Plan
Perks/benefits: 401(k) matching Career development Flex vacation Health care Insurance Parental leave