Washington, DC
Depends on Experience 

Job Description: The ISSO is embedded in the implementation and lifecycle stages of assigned systems and serves as the point of contact on all matters of cybersecurity. Collaborate with System Administrators for remediation on all aspects of security. Perform Configuration Management (CM)/Portfolio Management for assigned classified systems, including actively participating in Configuration Management for assigned system(s) and coordinating with CM on hardware and software approvals for assigned system(s). Report vulnerabilities (Risk Assessment Report and Plan of Action and Milestones (POA&Ms)) through Enterprise Mission Assurance Support Service (eMASS) as required for remediation action. Coordinate system security requirements with system administrators and assist with development, maintenance, and tracking of the System Security Plan (SSP) and with POA&M development, tracking, and resolution. Identify resources, milestones, and estimated completion dates for the POA&Ms as required for compliance. Report remediation task requirements with system administrators’ feedback. Maintain and report system Accreditation and Authorization status and any associated risk issues. Ensure all information system security related documentation is current and accessible to properly authorized individuals. Develop, track, resolve, and maintain the Security Plan for assigned systems. Create and manage POA&M entries and ensure vulnerabilities are properly tracked, mitigated, and resolved. Maintain the Security Technical Implementation Guide (STIG) Test Plan to include new applicable STIG versions released on a quarterly basis. Review and update STIGs with the System Administrators. Support the development and maintenance of technical documentation and Standard Operating Procedures (SOPs). Execute the security Assessment and Authorization (A&A) process for Risk Management Framework (RMF) requirements. Support the Information System Security Manager with the site accreditation/reaccreditation process.
Perform updates to RMF accreditation documentation for assigned systems. Prepare and submit classified spillages/incident responses. Support the development of cyber security technical roadmaps.  Serve as a cyber security thought leader.
REQUIRED SKILLS: US CITIZENSHIP. “Active” Top Secret with eligibility to obtain Sensitive Compartmented Information (SCI) Clearance. A Bachelor's degree (or equivalent experience) in Computer Science, Information Systems, Engineering, Business, or a scientific or technical discipline; 10 years' experience. Must possess one of the following DoD level III Security professional certifications: CISA, GIAC Certified Incident Handler (GCIH), GIAC Information Security Expert (GSE), GIAC Security Leadership (GSLC), Security Certified Network Architect (SCNA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), and/or Certified Information Systems Auditor (CISA). Information Technology Infrastructure Library (ITIL) 4 Foundation certification must be completed within 6 months. Expertise and knowledge with the Committee on National Security Systems (CNSS) Instruction No. 1253, National Institute of Standards and Technology, Federal Information System Management Act 2014, Privacy Act of 1947, and implementing systems that contain Sensitive Information. Minimum of 5 years with DISA Security Technical Implementation Guide (STIG), RMF and NIST 800-53 knowledge and experience.
Demonstrate strong knowledge of cybersecurity principles and NS3 requirements relevant to the confidentiality, integrity, availability, and authentication of systems operating in a classified environment.  Proven leadership experience in security and technical risk.  Experience in cyber security architecture and design.  Understanding of cyber security framework and NIST Risk Management Framework (RMF).  Effective problem solving and analytical skills; ability to work well under pressure.  Clear and effective verbal and written communication skills. Highly analytical and effectively able to troubleshoot and prioritize needs, requirements and other issues.    
DESIRED SKILLS: Must have 7-10 years of professional experience in a medium to large size organization with complex networks.