
Cybersecurity Engineer/Information System Security Officer

TBM Technology Consulting
Location: Fort Meade, MD, USA
Published: 6/14/2022
Technology
Full Time

Job Description

Experienced Information Systems Security Officer (ISSO) or Assessment and Authorization (A&A) Lead supporting Risk Management Framework (RMF) activities and Authorization to Operate (ATO) processes in DOD/DOW to support DISA Headquarters. Able to demonstrate deep knowledge of NIST SP 800-53 Rev. 4 and Rev. 5 controls and vulnerability management using vulnerability scanning tools and continuous monitoring practices within workflow platforms. Able to work collaboratively with ISSOs, ISSMs, SCA-R, Engineers, system owners, and government stakeholders to ensure systems maintain compliance, security posture, and audit readiness. Provides detailed status reporting, supports security documentation, and manages POA&M remediation efforts tied to scan findings and control assessments.

Key Responsibilities:

  • Support and maintain an enterprise security system through the ATO lifecycle using the Risk Management Framework (RMF) aligned to NIST 800-53 Rev. 4 to Rev. 5 controls.
  • Conduct and evaluate RMF Rev. 5 control self-assessments to satisfy effective alignment with authorization boundaries.
  • Conduct vulnerability analysis by pulling and interpreting vulnerability scan results and translating findings into actionable remediation tasks.
  • Manage security artifacts and control implementations within workflow tools such as eMASS and ESPS for ongoing authorization and continuous monitoring.
  • Collaborate with ISSO, ISSM, SCA-R, Engineers and government teams to review system security posture and compliance requirements.
  • Prepare and deliver weekly device and control status reports to leadership and government stakeholders, or as needed.
  • Maintain and update System Security Plans (SSP) and associated RMF documentation to ensure accuracy and audit readiness.
  • Attend technical and governance meetings to document and support change requests impacting system security posture.
  • Develop, update, and submit POA&Ms in workflow tools such as eMASS based on vulnerability scan findings, control deficiencies, and assessment results.
  • Assess and communicate risk posture, compliance gaps, and remediation timelines to stakeholders.
  • Support continuous monitoring efforts by validating control effectiveness and tracking remediation progress.
  • Ensure alignment with DISA federal cybersecurity policies, standards, DTOs and compliance mandates.

Qualifications:

· BS/MS degree in Computer Science, Engineering or a related subject

· At minimum 5+ years of hands-on work experience with ISSO duties: performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise databases leading to successful security authorization of such systems

  • A minimum of 5 years of relevant experience, or an equivalent combination of related training and experience, is required
  • Skills / Knowledge: Risk Management Framework, NIST Standards, Vulnerability Assessment Tools (ex: ACAS, Nessus Scanner), Monitoring Tools (ex: HBSS, ESS, MDE/MDI), Security Technical Implementation Guides, Incident Response, Public Key Infrastructure

· Proficiency in both written and verbal communications amongst a diverse audience of stakeholders

· Ability to work independently or as a member of a team focused on meeting delivery deadlines within a defined schedule

· Practical and working knowledge of Microsoft Office applications

· Time management skills

· Attention to detail essential functions

Certifications:

· DoD 8570 IAT Level II Compliant required (IAT Level III preferred)

Clearance:

· Minimum active DoD Secret clearance (Top Secret preferred)
