Apply on Employer Site

Raft · 3 days ago

Information System Security Officer (ISSO)

Honolulu Metro

Full-time

Onsite

Mid, Senior Level

$180K/yr - $220K/yr

4+ years exp

Raft is a customer-obsessed small business focused on Distributed Data Systems and Complex Application Development, headquartered in McLean, VA. The Information System Security Officer (ISSO) will manage security aspects of platforms and systems, ensuring compliance and collaboration with the development team to integrate security controls early in the lifecycle.

Computer Software

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Manage the security aspects of platforms and systems designed for clients

Generate and maintain artifacts to achieve and sustain Authority to Operate (ATO)

Audit and monitor all platforms & tooling across the customer environment

Conduct risk assessments, audits, and compliance monitoring within DoD environments

Manage and create Body of Evidence (BOE) artifacts, including POA&Ms, SSPs, RARs, Vulnerability Assessments, Security Assessment Plans, etc

Conduct continuous monitoring activities such as auditing, configuration reviews, policy & procedure reviews, etc

Manage compliance activities for both on-prem & cloud-based (AWS) systems & networks

Lead programs/projects in attaining ATO

Conduct internal self-assessments and audits with external assessors

Understand Network Rules, Platforms, and Application development

Familiarity with cloud-native, scalable services

Experience with common cybersecurity tools and technologies such as vulnerability & compliance scanners, anti-malware, code analyzers, IDS/IPS, DLP, SBOM, etc

Build and maintain Standard Operating Procedures

Qualification

ISSM/O experienceATO managementRisk Management FrameworkNIST complianceEMASS packagesDISA STIGsRisk assessmentsSIEM toolsCloud systems complianceCybersecurity toolsSoft skills

Required

Minimum of 4 years' experience in ISSM/O roles

Proven experience in obtaining and maintaining ATO for classified government cloud systems, adhering to DoD policies such as Risk Management Framework (RMF), NIST 800-53 Rev 4 and 5, NIST 800-37, NIST 800-60 and more

Skilled in crafting eMASS packages and implementing DISA STIGs

Proficient in conducting risk assessments, audits, and compliance monitoring within DoD environments

Demonstrated proficiency in managing and creating Body of Evidence (BOE) artifacts, including POA&Ms, SSPs, RARs, Vulnerability Assessments, Security Assessment Plans, etc

Understanding of and experience with SIEM tools such as Splunk, Grafana, or ELK

Proficient in conducting continuous monitoring activities such as auditing, configuration reviews, policy & procedure reviews, etc

Demonstrated experience managing compliance activities for both on-prem & cloud-based (AWS) systems & networks

Track record of leading programs/projects in attaining ATO

Experience conducting internal self-assessments and audits with external assessors

In-depth understanding of Network Rules, Platforms, and Application development

Familiarity with cloud-native, scalable services

Experience with common cybersecurity tools and technologies such as vulnerability & compliance scanners, anti-malware, code analyzers, IDS/IPS, DLP, SBOM, etc

Experience building and maintaining Standard Operating Procedures

Obtain Security+ or other DoD 8570 IAT Level II or higher certification within 6 months of employment with Raft

Active Secret with the ability to obtain and maintain a Top Secret security clearance