Information System Security Officer (ISSO)
Ennoble First
Gaithersburg, MD
Apply
JOB DETAILS
SALARY
$135,000–$160,000 Per Year
SKILLS
Auditing, Authentication, Best Practices, Business Processes, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Computer Security, Concept of Operations (CONOPS), Customer Support/Service, Defense Information Systems Agency (DISA), Defense Intelligence, Defense in Depth, Disaster Recovery, Documentation, Documentation Plan, Due Diligence, Government, Government Off-the Shelf (GOTS), Government Standards, ISACA (Information Systems Audit and Control Association), Industry Standards, Information Technology & Information Systems, Information/Data Security (InfoSec), Intelligence Community, International Classification of Diseases (ICD), Internet Security, Leadership, Legal, Maintain Compliance, Nessus, Operations Security (OPSEC), People Management, Problem Solving Skills, Process Improvement, Record Keeping, Risk Management, Risk Management Framework (RMF), Security Analysis, Security Auditing, Security Monitoring, Sensitive Compartmented Information (SCI), ServiceNow, Software Patches, Splunk, Strategic Planning, Systems Administration/Management, Systems Analysis, Systems Engineering, Systems Maintenance, Top Secret Clearance, Training/Teaching, U.S. National Institute of Standards and Technology (NIST), United States Department of Defense (DoD), Vulnerability Scanners
LOCATION
Gaithersburg, MD
POSTED
1 day ago
Location: Gaithersburg, MD
Required Clearance: TS/SCI with Polygraph
Employment Type: Full-Time Regular
Shift: Day
Travel: No
Relocation Assistance: Yes
Company Overview
We are Ennoble First. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country. We ensure today is safe and tomorrow is smarter. Our work has meaning and impact on the world around us, but also on us, and that's important. Ennoble First is your place. You make it your own by embracing autonomy, seizing opportunity, and being trusted to deliver your best every day. We think. We act. We deliver. There is no challenge we can't turn into an opportunity.
Position Overview
Ennoble First is seeking an Information System Security Officer (ISSO) to support mission-critical intelligence systems within the Analysis Sustainment portfolio. The ISSO will be responsible for managing authorizations and risks related to the processing, storage, and transmission of information while ensuring compliance with government and corporate cybersecurity requirements.
The ISSO will support Assessment and Authorization (A&A) activities, vulnerability management, continuous monitoring, security documentation, and risk mitigation efforts while partnering with system owners, administrators, engineers, and government stakeholders to maintain the security posture of critical mission systems.
Primary Responsibilities
- Develops risk mitigation strategies that contribute to the effectiveness, efficiencies, and performance outcomes for strategic projects, program goals, and business processes.
- Must be able to quickly respond to the needs for updates and maintenance of security documentation, especially System Security Plans, Plans of Actions and Milestones (POA&Ms); Security Impact Assessment for proposed system changes, and Concept of Operations that identify and explain how each system satisfies its assigned security control baselines.
- Maintains system security plans and related configuration records in customer Service+ (ServiceNow), XACTA-360 platform, and security management tools.
- Drives necessary security changes through steering groups and control review boards to meet Risk Management milestones.
- Can work independently as well as collaboratively to drive security process improvements, especially to address gaps in meeting customer security requirements and due diligence responsibilities.
- Provides guidance and engages technical teams to implement secure software and hardware processes, government security standards, and industry security best practices.
- Resolves highly complex security problems by applying technical knowledge, conceptualizing, reasoning, and interpretation of requirements.
- Communicates with program leadership and customer stakeholders regarding matters of significant importance to the organization and project.
- Applies in-depth understanding of information security principles, theories, concepts, and their application across a range of programs.
- Develops and maintains security documentation in accordance with NGA, Intelligence Community, DoD, DISA, NIST, and industry standards.
- Initiates and coordinates Assessment and Authorization (A&A) and renewal activities with Designated Authorizing Officials and supporting organizations.
- Addresses Information Assurance and Cybersecurity notices, orders, taskings, and directives in accordance with vulnerability and patch management processes.
- Measures effectiveness of defense-in-depth architectures and Zero Trust implementations against known vulnerabilities.
- Performs security audits and assessments, including creation, tracking, and remediation support for POA&Ms.
- Coordinates with System Administrators and technical teams to remediate vulnerabilities, track findings, and document mitigation activities.
- Updates Security CONOPS and Information Technology Disaster Recovery (ITDR) plans.
- Manages security profiles and implementation activities for systems and services scheduled for Assessment and Authorization.
- Works closely with Systems Engineers, Administrators, ISSMs, security teams, and stakeholders to maintain security plans and associated documentation.
- Maintains records and documentation related to system upgrades, patches, and connectivity configurations.
- Evaluates security solutions and implementation strategies while maintaining the operational security posture of development, integration, and deployed capabilities.
- Provides training and approves user access and identification, authorization, and authentication mechanisms for information systems.
- BS degree and 8 to 12 years of prior relevant experience to operate within the scope of responsibilities.
- Active TS-SCI clearance with Polygraph.
- Experience that demonstrates an understanding and application of the ICD-503 and NIST risk management framework.
- Experience developing, maintaining, and updating RMF security documentation including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Security Impact Assessments (SIAs), Concepts of Operations (CONOPS), and Assessment & Authorization (A&A) artifacts.
- Experience supporting system accreditation activities, security control assessments, continuous monitoring, vulnerability remediation, and authorization efforts within NIST RMF and/or ICD-503 environments.
- Experience desired with the following systems/platforms/tools: XACTA; XACTA 360 (preferred); HBSS; ACAS; Nessus, SPLUNK.
- NGA experience desired.
- Has 3+ years of experience operating, analyzing, and resolving vulnerability scan results using tools such as Nessus, Tenable Security Center, or a comparable commercial or GOTS product.
- Active Certified Information Systems Security Professional (CISSP) certification or ISACA Certified Information Security Manager (CISM) certification.
- Intelligence Community experience preferred.
$135,000–$160,000
The Ennoble First pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Equal Employment Opportunity
Ennoble First is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to any characteristic protected by law.
E-Verify Participation
Ennoble First participates in E-Verify. Learn more at www.dhs.gov/E-Verify.
E-Verify is a registered trademark of the U.S. Department of Homeland Security.
Ennoble First is committed to providing a diverse and inclusive work environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Ennoble First participates in E-Verify.
The information below will be listed on our website's careers landing page.
EEO is the Law |Pay Transparency Nondiscrimination
![Learn more about E-verify]()
www.dhs.gov/E-Verify
E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.
Ennoble First participates in E-Verify.
The information below will be listed on our website's careers landing page.
EEO is the Law |Pay Transparency Nondiscrimination
E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.
About the Company
E
Ennoble First
with Ennoble First to boost your career. Ennoble First is a high-energy, technology-driven employer with people-centered values fostering continuous learning. We are a rapidly growing company. To support our expansion plans and achieve our growth objectives we are always seeking talented IT professionals. We believe an outstanding company to work for is an exceptional company to work with. By combining a great environment with great minds, we produce great results. Ennoble First promotes an all inclusive innovation friendly environment.
COMPANY SIZE
100 to 499 employeesINDUSTRY
Internet Services
FOUNDED
2014