Apply on Employer Site

The MIL Corporation · 4 months ago

Information Systems Security Officer (ISSO) – Intermediate (Info. Systems & Cyber Security, Associate)

Norfolk, VA

Full-time

Hybrid

Mid, Senior Level

$115K/yr - $145K/yr

7+ years exp

The MIL Corporation seeks an Information Systems Security Officer (ISSO) – Intermediate to support cybersecurity operations for a Federal Government client in Norfolk, VA. The ISSO ensures cybersecurity for assigned systems, reporting to the Program Manager/System Owner and is responsible for feature deployment, security policy implementation, and RMF compliance.

Financial ServicesInformation ServicesInformation Technology

Work & Life Balance

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Collaborate with SOC stakeholders (systems administration, network, security, infrastructure teams, Enterprise Help Desk, program managers, and business unit sponsors)

Ensure DoN Authorization to Operate (ATO) compliance Commander, Navy Installations Command (CNIC) operational IT boundaries per applicable directives

Provide expertise in RMF processes, guiding system owners through steps 1–5, including categorization, control selection, and eMASS documentation

Conduct continuous monitoring, vulnerability scanning, STIG/patch application, and manage findings in eMASS and VRAM

Maintain and update POAMs and configuration management plans, ensuring timely milestone completion

Evaluate threats, vulnerabilities, and security findings, providing recommendations to enhance IT resource protection

Ensure compliance with Department of Navy (DoN) and DoD cybersecurity policies, verifying user clearances and training

Assemble and submit Security Authorization Packages, registering and maintaining systems in eMASS

Execute annual security reviews, control testing, and contingency plan testing per FISMA requirements

Correlate non-RMF vulnerability assessment findings (e.g., penetration testing, CCORI) to RMF controls for holistic risk assessment

Qualification

Security+ CertificationRMF processesEMASSVulnerability managementCISSP CertificationNavy Risk Management FrameworkDoD cybersecurity directivesCommunication skills

Required

7 years of relevant experience in cybersecurity or related fields

Active Security+ Certification (IAT Level II)

Expertise in RMF processes and tools (e.g., eMASS, VRAM, NESSUS) and compliance frameworks (e.g., CNSS 1253, FIPS 199, STIGs)

Strong understanding of DoD, DoN, and CNIC cybersecurity directives, processes, and business rules

Proven experience creating and maintaining RMF artifacts, managing vulnerabilities, and maintaining configuration management plans

Strong communication skills for effective collaboration with team members

Bachelor's Degree in a relevant field from an accredited institution. Alternatively, an Associate's Degree with an additional 4 years of relevant work experience, or an additional 6 years of relevant work experience in lieu of a degree

All applicants for this position must possess a current Secret clearance; please note that the clearance process considers financial background aspects