Information System Security Officer (ISSO)

Job Description

Job Description

About the Organization

Now is a great time to join Redhorse Corporation. We are a solution-driven company delivering data insights and technology solutions to customers with missions critical to U.S. national interests. We’re looking for thoughtful, skilled professionals who thrive as trusted partners building technology-agnostic solutions and want to apply their talents supporting customers with difficult and important mission sets.

About the Role
US Army INSCOM is seeking an Information Systems Security Officer II (ISSO II) to support G6 at Fort Belvoir, VA. The successful candidate will have experience working as an ISSO on large Department of Defense contracts and leading a team of other cyber security professionals in support of project and client goals and objectives.  

Key Responsibilities

Perform the duties of an Information System Security Officer (ISSO) as defined in AR 25-2, DA 25-2-14, and the NIST SP 800-53 security controls when the organizationally-defined personnel includes the ISSO 

Actively manages the organization’s eMASS records which includes but is not limited to: 

Validates security controls including associated artifacts 

Assesses security scan results and STIGs as required 

Performs POA&M updates, tracking, and resolution 

Leads the continuous monitoring activities of the organization 

Manages the day-to-day activities and the professional development of the Cybersecurity Analysts 

Collaborates with the O-ISSM on all assessment and authorization activities to ensure the information systems maintain an authority to operate (ATO) on all applicable DoD/IC networks 

Maintain up-to-date status on all assigned systems and communicate status to the Government leads 

Maintain complete records of communications, submit written status reports as required, perform peer-review as directed, and attend weekly meetings 

Correspond with the Government customer and system administrators to communicate any unacceptable risks identified and correct deficient POA&M items to meet DoD and IC standards 

Coordinate with the Security Control Assessor (SCA) to perform analysis of the overall risk level the system poses to enterprise networks and to mission data 

Create and maintain cybersecurity policies and standards 

Ensure that cybersecurity plans, controls, processes, standards, policies, and procedures are aligned with cybersecurity standards 

Ensures security scans and STIG checklists are updated according to DA G2 policy 

Produces actionable, risk-based reports on security assessment results 

Assists with vulnerability remediation when necessary 

Develops and maintains security plans and security testing plans 

Periodically updates and improves risk models; metrics; reports; processes; and activities to stay compliant with evolving DoD and IC standards 

Ensures the user community understands and adheres to necessary procedures to maintain security posture of the information systems 

Provides guidance in the creation and maintenance of Standard Operating Procedures (SOPs); Tactics, Techniques, and Procedures (TTPs); and other similar documentation 

Required Experience/Clearance

• PhD in an area of Science, Technology, Engineering or Mathematics with at least: 

  15 years’ experience as a cybersecurity professional

  OR 

  a Master's degree in an area of Science, Technology, Engineering or Mathematics with at least 18 years’ experience as a cybersecurity professional

  OR 

  a Bachelor’s degree in an area of Science, Technology, Engineering or Mathematics with at least 20 years’ experience as a cybersecurity professional 

  Active TS security clearance and eligible for SCI and NATO read-on prior to starting work 

  Meet the DoD requirements for a privileged user on a TS/SCI information system prior to starting work - DoD 8140 / 8570.01-m requirements 

  15+ years’ experience with the assessment and accreditation activities of national security systems (NSSs) 

  10+ years’ experience validating system security controls 

  10+ years’ experience with vulnerability management 

  10+ years’ experience with DISA Security Technical Implementation Guides (STIGs), DISA Security Requirements Guide (SRG), and vendor-specific security guides 

  8+ years’ experience with RMF and eMASS 

  5+ years’ experience with POA&M tracking and resolution 

  3+ years’ experience performing the continuous monitoring of system security controls

Desired Experience

10 years’ experience as an ISSO on Army Intel programs 

2 years’ experience with AC2SP tenant assessment and accreditation activities 

Redhorse Corporation is an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability, or any other protected class.

 

Accommodations:

If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to access job openings or apply for a job on this site as a result of your disability. You can request reasonable accommodations by contacting Talent Acquisition at Talent- View email address on ziprecruiter.com

 

Redhorse Corporation shall, in its discretion, modify or adjust the position to meet Redhorse’s changing needs.

This job description is not a contract and may be adjusted as deemed appropriate in Redhorse’s sole discretion.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.