Information Systems Security Officer - Cloud Security Specialist

Overview

INFORMATION SYSTMES SECURITY OFFICER - CLOUD SECURITY SPECIALIST (NAUT):

Bowhead seeks an Information Systems Security Officer (ISSO Cloud) to support our customer on the Nautical contract in the Arlington, VA area. This position ensures information systems security compliance and manages security controls for DoD cloud migration projects while coordinating security accreditation activities and maintaining ongoing security posture.

Responsibilities

• Implement and maintain security controls per NIST 800-53 and DoD standards for cloud-based systems

• Conduct comprehensive security assessments and vulnerability analyses on cloud infrastructure

• Manage security documentation and compliance reporting for continuous monitoring programs

• Coordinate with Authorizing Officials for system accreditation and Risk Management Framework (RMF) processes

• Monitor security incidents and coordinate response activities across cloud environments

• Maintain security awareness training programs and ensure personnel compliance with DoD security requirements

• Support continuous monitoring and security control assessments for cloud-based information systems

• Conduct vulnerability scans and recognize cloud-based vulnerabilities in security systems

• Utilize DoD network analysis tools to identify cloud-based vulnerabilities (e.g., ACAS, HBSS, etc.)

• Apply system, network, and OS hardening techniques for cloud environments

• Conduct cloud-based application vulnerability assessments and penetration testing

• Identify systemic security issues based on analysis of vulnerability and configuration data

• Apply cybersecurity and privacy principles to organizational requirements (confidentiality, integrity, availability, authentication, non-repudiation)

• Utilize Tenable Assured Compliance Assessment Solution (ACAS) for vulnerability management

• Manage Trellix Endpoint Security System (ESS), previously known as McAfee Host Based Security System (HBSS)

• Apply cloud-based access controls (access control lists, LDAP, Active Directory, etc.)

• Configure and maintain Virtual Private Network (VPN) devices and encryption protocols

• Troubleshoot and diagnose cyber defense infrastructure anomalies and work through resolution

• Perform impact/risk assessments for cloud security implementations

• Develop insights about the context of organizational threat environments to improve risk management posture

• Ensure complete understanding and implementation of NISPOM and ICD requirements

• Plan, schedule, and prioritize security activities to accomplish mission objectives

• Handle classified information according to proper procedures and security protocols

• Other duties as assigned

Qualifications

• Bachelor's degree in Cybersecurity, Information Systems, Information Technology, Computer Science, or related field from an ABET accredited or CAE designated institution or 10 years experience in leiu of this degree.

• Minimum of 16+ years of information security experience with demonstrated expertise in cloud security

• Minimum of 5+ years of DoD security experience in enterprise environments

• Minimum of 3+ years of hands-on experience with cloud security frameworks and implementations

• Complete understanding and experience implementing requirements of the NISPOM and ICDs

• Knowledge of cloud security principles and FedRAMP requirements

• Meets the Core and Additional Knowledge, Skills, and Abilities Tasks (KSATs) defined in the DoD Cyber Workforce Framework

• Demonstrated ability to develop solutions to complex security problems

• Proven ability to work in fast-paced, deadline-driven environments

• Excellent verbal and written communication skills for technical and executive audiences

• Recent experience with security management policies and procedures

• Proficiency with Microsoft Office Suite and security management tools

CERTIFICATION REQUIREMENTS:

Required: CISSP, CISM, or equivalent DoD Directive 8570 compliant certification; CompTIA SecurityDesired: GCIH, GSEC, CISSP, CISA, FITSP-M, GCSA, GISF, SSCP, CEH, or other advanced security certifications

Physical Demands

• Must be able to lift 25 pounds on occasion.

• Must be able to stand and walk for prolonged period amounts of time.

• Must be able to twist, bend, and squat periodically.

SECURITY CLEARANCE REQUIREMENTS: Must be able to maintain a security clearance at the Top Secret level with SCI eligibility and maintain SAP eligibility. Due to work requirements, this position will not entertain work from home capabilities. US Citizenship is a requirement for this contract.

#LI-KC1

Applicants may be subject to a pre-employment drug & alcohol screening and/or random drug screen, and must follow UIC’s Non-DOT Drug & Alcohol Testing Program requirements. If the position requires, an applicant must pass a pre-employment criminal background history check. All post-secondary education listed on the applicant’s resume/application may be subject to verification.

Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver license for this position and will be subject to verification. In addition, the applicant must pass an in-house, online, driving course to be authorized to drive for company purposes.

UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/D/V. In furtherance, pursuant to The Alaska Native Claims Settlement Act 43 U.S.C. Sec. 1601 et seq., and federal contractual requirements, UIC and its subsidiaries may legally grant certain preference in employment opportunities to UIC Shareholders and their Descendants, based on the provisions contained within The Alaska Native Claims Settlement Act. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities. Please view Equal Employment Opportunity postershere ( .

All candidates must apply online at , and submit a completed application for all positions they wish to be considered. Once the employment application has been completed and submitted, any changes to the application after submission may not be reviewed. Please contact a UIC HR Recruiter if you have made a significant change to your application. In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance .

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

UIC Government Services (UICGS / Bowhead) provides innovative business solutions to federal and commercial customers in the areas of engineering, maintenance services, information technology, program support, logistics/base support, and procurement. Collectively, the fast-growing Bowhead Family of Companies offers a breadth of services which are performed with a focus on quality results. Headquartered in Springfield, VA, we are a fast-growing, multi-million-dollar company recognized as a top Alaska Native Corporation providing services across the Department of Defense and many federal agencies. Bowhead offers competitive benefits including medical, dental, vision, life insurance, accidental death and dismemberment, short/long-term disability, and 401(k) retirement plans as well as a paid time off programs for eligible full-time employees. Eligible part-time employees are able to participate in the 401(k) retirement plans and state or contract required paid time off programs.

Join our Talent Community!

Join our Talent Community ( to receive updates on new opportunities and future events.

ID 2026-25358

Category Engineering

Location : Location US-VA-Arlington

Clearance Level Must Be Able to Obtain Top Secret/SCI

Minimum Clearance Required Secret

Travel Requirement N/A