(545) Information System Security Officer (ISSO) jobs in United States
cer-icon
Apply on Employer Site
company-logo

Arlo Solutions · 3 weeks ago

(545) Information System Security Officer (ISSO)

positionMechanicsburg, PA
timeFull-time
remoteHybrid
seniorityMid, Senior Level
date5+ years exp

Arlo Solutions is an information technology consulting services company specializing in delivering technology solutions. The Mid Information System Security Officer (ISSO) will support the Defense Security Cooperation Agency (DSCA) Cybersecurity team by providing expertise in Risk Management Framework activities and ensuring compliance with relevant guidelines.

Cyber SecurityInformation TechnologyManagement Consulting
check
Growth OpportunitiesbadNo H1BnoteSecurity Clearance RequirednoteU.S. Citizen Onlynote

Responsibilities

Produce all required DOD compliance documentation for RMF, Audit Response and Remediation, Cyber Task Orders, Required Scorecards, Privacy documentation, and other compliance requirements as detailed in the DSCA CYBR Service Catalog
Draft and coordinate cybersecurity-related documentation to meet required standards, controls, and metrics
Support all steps of the RMF process (Steps 0-6) required to gain and maintain DOD Information Network (DODIN) and agency commercial network authority to operate
Assist in categorization, control selection, implementation, and tailoring support, as well as support of assessments from the ISSO role
Prepare and validate controls in eMASS packages for assessment and review
Ensure that control requirements are well-defined and that necessary documentation and evidence are gathered for validation and assessment
Work in the DOD GRC tool Enterprise Mission Assurance Support Service (eMASS) to support control validation
Conduct continuous monitoring of information systems to detect vulnerabilities, threats, and security incidents
Utilize security tools and technologies to perform regular scans, assessments, and analysis of system vulnerabilities
Maintain and update continuous monitoring processes and procedures to ensure they are effective and aligned with organizational requirements
Assist in the configuration and maintenance of security tools and technologies provided by the CSSP
Assist in the detection, analysis, and response to cybersecurity incidents
Participate in incident response activities, including triage, containment, eradication, and recovery
Document and report on incident response activities, providing detailed analysis and recommendations for improvement
Provide support to the Watch Officer in monitoring and managing cybersecurity events and incidents
Maintain situational awareness of the organization's security posture and emerging threats
Assist with the performance of daily and ad hoc/on-demand vulnerability scans, monthly audit scans, and monthly discovery scans
Provide weekly vulnerability compliance reporting to ISSMs
Review and adjust assets, subnets, credentials, and policies to properly manage C5ISR provided Assured Compliance Assessment Solution (ACAS) solutions
Track and ensure configuration compliance of Enterprise Security Services (ESS) Suite with RMF, ATO, and Inspection requirements
Assist with the maintenance of completed security waiver forms in coordination with EADSD and ISSM (PMO)
Work with TSD to implement effective scanning, COAMS System Registration, and Continuous Monitoring Scoring (CMRS) Tagging
Maintain and update Ports, Protocols, and Services Management (PPSM) records, including emergency and exception requests
Support the maintenance and accuracy of DoD Allow List entries
Maintain accurate and up-to-date documentation of all RMF, IT, and FISCAM controls validation activities
Prepare and submit regular reports on the status of security controls, RMF activities, and DevSecOps pipeline security
Provide detailed documentation and evidence to support security assessments and audits
Support the maintenance and configuration needed to maintain accurate ingestion of logs from all assets
Provide summaries of events/incidents, including time of event/incident, anomalous activity identified, asset names and IPs, affected users, and POC for outreach/additional actions
Complete Cybersecurity Incident Reporting Forms and assist with the detection and analysis of cybersecurity events and incidents
Support accurate IR POC list, accurate hardware/software and IP inventory, and accurate summary of event/incident
Document efforts involved in mitigating cybersecurity-related events/incidents that occur within the enterprise
Support the generation of performance monitoring reports to monitor asset availability
Support the generation of system health and security posture reports for system owners and ISSMs
Support accurate hardware and software inventory, accurate ingestion of logs from all assets, and accurate system performance and security posture baselines
Conduct specified areas of focus/detail for trend analysis
Support migration information provided by affected system ISSM and report vulnerabilities to appropriate system ISSMs/POCs
Assist with the reporting to outside agencies, including JFHQ, battle stations, external leadership, and other DOD Agencies
Support the correlated agency-level POA&Ms with the coordination of POA&Ms from DSCA to outside entities
Help complete the Cybersecurity Incident Reporting Form, including additional inputs such as personnel logs, system logs, event logs, and accurate software and hardware inventory list

Qualification

Risk Management Framework (RMF)Cybersecurity incident responseSecurity control assessmentsContinuous monitoringEMASS proficiencyIT controls validationFISCAM guidelinesVulnerability managementNIST knowledgeISO 27001 knowledgeCIS Controls knowledgeAnalytical skillsSoft skillsDocumentation skillsTeam collaborationCommunication skillsProblem-solving skills

Required

Must be a US Citizen
Active Secret Clearance
Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field is required OR additional four years of experience
Minimum of five years of relevant experience in cybersecurity, information assurance, or a related field
Experience in IT controls validation and familiarity with Federal Information System Controls Audit Manual (FISCAM) guidelines
Experience in incident response, continuous monitoring, and vulnerability management
Strong understanding of RMF processes, including categorization, control selection, implementation, and assessment
Proficiency in using security assessment tools and platforms such as eMASS (Enterprise Mission Assurance Support Service)
Familiarity with continuous monitoring processes and tools
Experience with incident response processes and tools
Knowledge of cybersecurity frameworks and standards, such as NIST, ISO 27001, and CIS Controls

Preferred

Experience with the Risk Management Framework (RMF) and security control assessments is highly desirable
Certifications such as CISSP, CISM, CISA, CAP, or equivalent are highly desirable

Company

Arlo Solutions

twittertwittertwitter
company-logo
Arlo Solutions is a dynamic team of proven data protectors, information confidantes, tech aficionados and digital innovators.
dateFounded in 2014
location
Washington, District of Columbia, USA
people-size51-200 employees
web-link
https://arlo-solutions.com

Funding

Current Stage
Growth Stage

Leadership Team

leader-logo
Lonye Ford
CEO
linkedin
leader-logo
Tesfa “Taz” Wube
Chief Growth Officer
linkedin
Company data provided by crunchbase