Job Title: The Information System Security Officer (ISSO)
Location: Alexandria, VA, remote
Job Category: Information Technology
Time Type: Full-time
Clearance Requirement: No clearance required
Employee Type: W2 or 1099
Citizenship: US Citizen, no Dual Citizenship
NexThreat is seeking an Information System Security Officer (ISSO). The perfect candidate will be responsible for overseeing the security of information systems within the organization. The ISSO ensures compliance with applicable security policies and regulations, including but not limited to the Risk Management Framework (RMF) and various cybersecurity standards. This position demands a proactive approach to risk management and incident response within a cloud computing environment.
Key Responsibilities:
Provide Risk Management Framework (RMF) Support
Maintain and renew existing Impact Level 4 (IL4) cloud ATO
Update records in the Enterprise Mission Assurance Support Service (eMASS), CWBI Hub, and Confluence to include system management information, security controls, implementation plans, control status continuous assessments, and a continuous monitoring plan
Analyze Personally Identifiable Information (PII) and Controlled Unclassified Information (CUI) within CWBI and prepare Privacy Impact Assessments and System of Record Notices (SORN)
Maintain and update Record Management Surveys (RMS) and supporting documents
Coordinate with SCA-V or DoD Continuous Monitoring program for assessments
Perform post-assessment actions, including creating a Plan of Action and Milestones (POA&M), Security Assessment Reports (SAR), and coordinating finalized authorization decisions with USACE CIO/G-6 and the Authorizing Official
Facilitate CWBI change management activities utilizing standard DevSecOps solutions
Track change management items from reception to completion
Conduct security impact assessments for proposed changes
Analyze CWBI modules for configuration changes using automated means
Establish and maintain baseline hardware and software configurations, as well as documentation for ports, protocols, and services management (PPSM)
Update CWBI system documentation in eMASS, Army Portfolio Management Solution (APMS), CWBI Hub, and Confluence as required
Provide Tier 3 Cyber Security Service Provider (CSSP) Support
Conduct Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS), and Army Endpoint Security Solution (AESS) scanning
Coordinate system access for necessary scans
Compile and analyze monthly vulnerability reports, categorizing impact levels and assisting CWBI PMO in prioritizing work to mitigate risks
Provide code vulnerability testing, dynamic code scanning, and cloud storage management services compatible with tools such as Burp Suite, Cloudberry, and ThunderScan, ensuring any licenses are the property of USACE
Conduct Security Content Automation Protocol (SCAP), Security Technical Implementation Guide (STIG), and Federal Risk and Authorization Management Program (FedRAMP) analyses
Perform quarterly SCAP and STIG assessments and analyze results for impacts/risks
Upload results into eMASS and assist CWBI PMO with risk prioritization
Continuously monitor system security events via logging and monitoring tools
Process event log notifications and create service tickets for appropriate technical groups
Track service ticket resolutions until successful completion
Qualifications
Bachelor's degree in Computer Science, Information Systems, or a related field