Information Systems Security Officer (ISSO) - Cybersecurity Analyst

BlueHalo, an AV company, is seeking a highly motivated and experienced Information Systems Security Officer (ISSO) to play a critical role in achieving and maintaining Authorization to Operate (ATO) for information systems. The ISSO candidate will be responsible for evaluating the security posture of assigned systems throughout their lifecycle, ensuring compliance with federal security regulations and frameworks, primarily the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). This role requires a deep understanding of the ATO process, strong technical security skills, and excellent communication abilities to collaborate with various stakeholders.

This position could support multiple projects, primarily government programs with some support of commercial programs. The candidate will work on a team comprised of AV, sub-contractors, associate contractors, and end-customer personnel.

Responsibilities and Typical Duties:

• Support the development, review, and maintenance of comprehensive ATO documentation (e.g., System Security Plan (SSP), Contingency Plan (CP), Privacy Impact Assessment (PIA), Risk Assessment Report (RAR), Plan of Action & Milestones (POA&M)).
  • Ensure all documentation adheres to relevant security policies and guidelines (e.g., NIST SP 800-53, FIPS, agency-specific directives).
• Guide systems through all phases of the RMF process (Categorize, Select, Implement, Assess, Authorize, Monitor) and identify, assess, and document security risks and vulnerabilities, providing recommendations for mitigation strategies.
• Coordinate and support security control assessments, including vulnerability scans (e.g., Nessus, SSC/SCAP), penetration tests, and security audits.
• Perform ongoing security activities to maintain the security posture of systems post-ATO, including reviewing audit logs, managing POA&Ms, and tracking system changes.
• Conduct annual assessments and support ATO re-authorization efforts.
• Interpret and apply federal cybersecurity laws, regulations, and policies (e.g., FISMA, FedRAMP, agency-specific policies).
• Assist with incident response activities and provide input on security-related issues.
• Collaborate with cross-functional teams (developers, network engineers, security specialists) to understand requirements and deliver integrated solutions.

Experience:

• Minimum of 3 years of experience as an ISSO, Information Assurance Analyst, or similar role with a strong focus on ATO package development and RMF implementation.
• Familiarity with the Cyber Security Service Provider (CSSSP) onboarding process
• eMASS experience.
• Experience obtaining authorizations for ground systems (on-prem, cloud based).
• Familiarity with encrypted satellite communications (hands on with KS-252/255 a plus).
• Cloud Connection Approval Process experience, especially with BCAP and alternatives such as CNAP.
• Compliant configuration, remediation and mitigation of commonly used ground space components to include Front End Processors (FEPs) that are atypical IT assets.
• Proven experience or significantly contributing to successful ATO efforts for federal information systems.
• Demonstrated experience with vulnerability management, security control implementation, and continuous monitoring.

Skills:

• In-depth knowledge of NIST Special Publications (e.g., 800-37, 800-53, 800-30).
• Familiarity with security assessment tools (e.g., Nessus, SCC/SCAP, Splunk, HBSS).
• Understanding of operating system security (Windows, Linux), network security, and cloud security concepts.
• Experience with configuration management and change control processes.
• Knowledge of scripting languages (e.g., Python, PowerShell) for automation is a plus.
• Familiarity with AWS GovCloud or other Government Cloud environments.
• Must have good interpersonal skills and strong communication skills, both written and verbal.
• The candidate must be able to work both independently with little supervision and within a team environment.

Certifications required:

• DoD 8570.01-M IAT Level II or IAM Level II (e.g., Security+, CASP+, CISSP, CISM).
• Certified Authorization Professional (CAP).
• Other relevant cybersecurity certifications (e.g., CEH, GSEC).

Minimum Requirements:

• Bachelor's Degree: computer science or related field. Or Associate’s Degree plus 2 years equivalent experience.
• 3 years working experience
• US Citizen
• Top Secret and SCI (TS/SCI) eligibility or equivalent