Tech Stack

Description

You will support secure Department of Defense cloud systems and programs, ensuring compliance, monitoring cybersecurity posture, and assisting with RMF/JSIG accreditation. You'll perform continuous monitoring, vulnerability assessment, and risk analysis while collaborating with security, development, and operations teams to protect classified systems.

Requirements

• DoD 8570 IAT Level II certification, such as Security+
• 3 years of experience in an ISSO or equivalent security role
• Hands-on user experience (3 years combined) with: SIEM platforms (Splunk preferred)
• Vulnerability management tools (ex: Nessus/ACAS)
• Compliance and reporting tools (ex: SCAP Compliance Checker, Evaluate-STIG, DISA STIGs, eMASS)
• Experience with RMF/JSIG accreditation lifecycle, control implementation, and/or continuous monitoring
• Experience performing risk analysis, vulnerability assessments, and/or security audits
• Technical writing experience to support documentation responsibilities
• Experience with TCP/IP networking and network security

Responsibilities

• Perform continuous monitoring, vulnerability assessment, and risk analysis, validating remediation actions and documenting POA M updates
• Maintain the operational security posture consistent with the security authorization package and ATO requirements
• Verify user clearance, need-to-know, and security responsibilities prior to system access
• Ensure audit records are captured, reviewed regularly, and anomalies documented
• Conduct regular system security reviews to ensure compliance with security authorization and STIG/CIS benchmarks and baselines
• Develop, sustain, and maintain RMF documentation packages (SSP, SAP, SAR, POA M, ConMon)
• Support development and sustainment of Authorization to Operate (ATO) packages and Body of Evidence (BoE)
• Coordinate hardware/software/firmware changes with the ISSM and AO/DAO, notifying stakeholders of security-relevant changes
• Collaborate with Security Engineers, DevOps, and IT operations teams during the system design, integration, and development phases to evaluate risk and ensure compliance, including Zero Trust Architecture (ZTA) requirements
• Implement cloud-native security solutions such as encryption, IAM, network segmentation
• Participate in incident handling, reporting security incidents to ISSM, and tracking recovery actions to ensure controls are restored correctly
• Engage with Change Control Board (CCB) if delegated by ISSM
• Ensure compliance with STIGs, utilizing SCAP Compliance Checker, Evaluate-STIG, and other DoD cyber assessment tools
• Assist the ISSM in all cybersecurity-related duties and assume ISSM responsibilities in their absence