Information System Security Officer jobs in United States

Woods Hole Oceanographic Institution · 10 hours ago

Information System Security Officer

Woods Hole Oceanographic Institution is searching for a highly skilled and cleared Information System Security Officer (ISSO) to join their team, focusing on the security of classified information systems and networks. This role is responsible for ensuring the confidentiality, integrity, and availability of sensitive government information in accordance with U.S. government security directives.

Education · Marine Technology · Non Profit · Product Research
No H1B · Security Clearance Required

Responsibilities

Lead or support the development, review, and submission of comprehensive security authorization packages (e.g., System Security Plans (SSPs), Risk Assessment Reports, Contingency Plans, Plan of Action and Milestones (POA&Ms)) for classified systems
Ensure all classified systems maintain an Authority to Operate (ATO), Interim Authority to Test (IATT), or Authority to Connect (ATC) in accordance with RMF or legacy A&A processes (e.g., DIACAP)
Interpret and apply USG security policies, regulations, and guidelines, including but not limited to: NISPOM, DoD Instruction 8500.01, NIST SP 800-53, DCID 6/3, ICD 503, JSIG, and DISA STIGs
Design, implement, and maintain security controls specific to classified systems, including secure configurations, access controls, auditing, media control, and classified spillage prevention/response
Configure and manage specialized security tools relevant to classified environments (e.g., Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS), Data Loss Prevention (DLP) solutions)
Perform rigorous hardening of operating systems (Windows, Linux), applications, and network devices based on DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
Conduct vulnerability scans, analyze results, and work with system administrators to remediate security weaknesses on classified systems
Oversee and perform continuous monitoring activities, including reviewing audit logs, security events, and system alerts for anomalous behavior
Track and ensure compliance with Information Assurance Vulnerability Management (IAVM) directives
Act as a primary point of contact and lead for security incidents and classified spillage events on assigned systems
Execute incident response procedures, including containment, eradication, recovery, and detailed reporting to relevant government authorities
Participate in forensic investigations as required for classified incidents
Maintain meticulous documentation of all security artifacts, configurations, policies, and procedures for classified systems
Support internal and external security inspections, audits, and assessments by government agencies (e.g., DCSA, DSS, NSA)
Develop and implement standard operating procedures (SOPs) for the secure operation of classified systems
Provide guidance and training to users on proper handling, marking, and safeguarding of classified information and operation of classified systems
Ensure all personnel accessing classified systems meet training requirements (e.g., security awareness, insider threat)
Manage and control changes to the hardware, software, and firmware of classified systems to maintain their security posture and accreditation

Qualification

Risk Management Framework (RMF) · Security Clearance · Incident Response · Security Tools Management · DISA STIGs · Vulnerability Management · Network Protocols · Operating Systems · User Training · Compliance Support · Documentation · Soft Skills

Required

Active U.S. Government Security Clearance required at the SECRET level or above
Bachelor's degree in Computer Science, Information Security, Cybersecurity, or equivalent experience
5 years of dedicated experience in Information Assurance/Cybersecurity within classified government or defense environments
Demonstrable expertise in the Risk Management Framework (RMF) or equivalent A&A processes (e.g., DIACAP)
Hands-on experience with security tools and technologies used in classified environments (e.g., ACAS, HBSS, SIEM, dedicated firewalls)
Proven experience with DISA STIGs and their application to various operating systems and applications
Strong understanding of network protocols, operating systems (Windows, Linux/Unix), and virtualized environments in a classified context
Experience with encryption technologies and COMSEC devices

Preferred

Knowledge of scripting languages (e.g., PowerShell, Python, Bash) for automation and auditing is a plus
CISSP (Certified Information Systems Security Professional)
DoD 8570.01-M IAT Level II (e.g., CompTIA Security+, CySA+, CCNA Security, SSCP) or higher (IAM Level I, II, or III)
GIAC Certifications relevant to incident handling, forensics, or security auditing (e.g., GCIH, GCFA, GCCC, GSNA)

Benefits

Comprehensive benefits package

Company

Woods Hole Oceanographic Institution

As the world's largest private nonprofit ocean research, engineering and education organization, we are dedicated to advancing solutions for our ocean, our planet, and our future.

Funding

Current Stage: Late Stage
Total Funding: $14.04M
Key Investors: Massachusetts Clean Energy Center, NFWF
2024-07-30 · Grant · $0.25M
2023-09-19 · Grant · $0.19M
2010-01-14 · Grant · $8M

Leadership Team

Janet Geist Moore
Executive Assist. to VP for Operations & Chief Financial Officer
Kathryn Link
Vice President for Operations and Chief Financial Officer
Company data provided by crunchbase