Information Assurance III (ISSO)

Join Gray Link Technologies LLC as a Full Time Information Assurance III (ISSO) and immerse yourself in an exciting opportunity that allows you to apply your expertise in DoD cybersecurity and the Risk Management Framework (RMF) within a dynamic environment in Montgomery, AL. You will engage in critical tasks such as implementing NIST SP 800-53 and NIST SP 800-171 controls, ensuring compliance auditing, and conducting vulnerability assessments using tools like Nessus and ACAS. Be at the forefront of security control assessments and incident response coordination for classified systems, and play an integral role in the system authorization process. This onsite position promotes collaboration and innovation, enabling you to work alongside a team of professionals committed to excellence and integrity in government cybersecurity.

You will have the chance to contribute meaningfully to the Assessment and Authorization (A&A) process, formulate POA&Ms, and uphold our commitment to continuous monitoring and cybersecurity compliance. You will receive great benefits such as Medical, Dental, Vision, 401(k), Life Insurance, and Paid Time Off. Step into a role where your skills will shape the future of information assurance.

Gray Link Technologies LLC: Our Mission

Gray Link Technologies is a mission-driven technology and cybersecurity company that supports U.S. government customers in designing, securing, and operating resilient enterprise networks. We value technical excellence, accountability, and people who take ownership of complex problems in high-impact environments.

Your day to day as a Information Assurance III (ISSO)

As a Full Time Information Assurance III (ISSO) at Gray Link Technologies LLC, you will play a pivotal role in fortifying the security posture of classified DoD information systems. Your day-to-day responsibilities will primarily revolve around hands-on Risk Management Framework (RMF) activities, including reviewing system changes to assess security impacts and conducting thorough vulnerability and compliance assessments with tools such as ACAS, Nessus, and DISA STIGs. You will meticulously document findings within eMASS while ensuring alignment with DoD cybersecurity policies and NIST standards. Your expertise will extend to managing Authorizations to Operate (ATO), tracking remediation efforts through Plans of Action and Milestones (POA&M), and supporting Assessment and Authorization (A&A) processes for both new and existing systems. In collaboration with engineers and system owners, you will address security findings, prepare technical reports, and facilitate audits to ensure compliance and continuous monitoring requirements are met, all while leading assigned security personnel in achieving mission objectives.

What we're looking for in a Information Assurance III (ISSO)

To thrive as a Full Time Information Assurance III (ISSO) at Gray Link Technologies LLC, candidates must possess a robust understanding of DoD cybersecurity policies and the Risk Management Framework (RMF). In-depth experience applying NIST SP 800-series publications and CNSSI 1253 controls is crucial, along with a solid background as an ISSO or ISSM for classified programs. Familiarity with Assessment and Authorization (A&A) processes and lifecycle management is essential, as is a proven track record of maintaining Authorizations to Operate (ATO) and Approvals to Connect (ATC).

Proficiency with RMF-related tools such as eMASS, ACAS/Nessus, and DISA STIGs will enable candidates to conduct vulnerability assessments and compliance audits effectively. Strong analytical skills to assess threats and vulnerabilities, combined with the ability to manage and track Plans of Action and Milestones (POA&Ms), are critical. Exceptional technical writing skills for developing reports and documentation, alongside experience in incident response coordination and security investigations, will set candidates apart.

Familiarity with Ports, Protocols, and Services (PPS) registration is also important for success in this role.

Knowledge and skills required for the position are:

• In-depth knowledge of DoD cybersecurity policies and Risk Management Framework (RMF)

• Experience applying NIST SP 800-series publications and CNSSI 1253 controls

• Prior experience as an Information System Security Officer (ISSO) and/or Information System Security Manager (ISSM) supporting classified programs

• Strong understanding of Assessment and Authorization (A&A) processes and lifecycle

• Experience maintaining Authorizations to Operate (ATO) and Approvals to Connect (ATC)

• Proficiency with RMF-related tools and platforms including eMASS, ACAS/Nessus, ESS, audit tools, and DISA STIGs

• Experience conducting vulnerability assessments, compliance audits, and security control testing

• Ability to analyze threats, vulnerabilities, system architectures, and interfaces to assess risk

• Experience developing, managing, and tracking POA&Ms and implementing corrective actions

• Knowledge of Information System Continuous Monitoring (ISCM) strategies and execution

• Experience supporting or leading security assessments, inspections, and audits

• Ability to develop and manage MOUs, ISAs, and Risk Acceptance documentation

• Experience with Ports, Protocols, and Services (PPS) registration, review, and compliance with DoD PPS CAL requirements

• Strong technical writing skills for reports, findings, briefings, and compliance documentation

• Experience coordinating incident response activities and security investigations

• Ability to supervise or lead security personnel supporting RMF execution

• Familiarity with hardware and software inventory validation in classified environments

Make your move

If you have these qualities and meet the basic job requirements, we'd love to have you on our team. Apply now using our online application!