Job Title: Information System Security Officer (ISSO)
Location: On-Site in Arlington, VA
Department: Cyber Security Services
Reports To: Management
FLSA Status: Full Time/Non-exempt
Description:
Apavo is at the forefront of cybersecurity, providing services to military, defense, and critical infrastructure industries. Joining the Apavo team means becoming part of a company rooted in the principles of quality and communication. We value positive, candid interactions and the belief that everyone has valuable contributions to make. Apavo stands out for its commitment to a work-life balance and fostering a growth mindset among all team members. If you are looking to make a meaningful impact in the cybersecurity world while growing professionally in a supportive environment, Apavo is the place for you.
Job Purpose:
The Information Systems Security Officer (ISSO) ensures the secure operation of complex, multi-enclave IT and Research & Development (R&D) systems in support of the Defense Advanced Research Projects Agency (DARPA). Operating across all classification levels (Unclassified, Secret, TS/SCI, and Special Access Programs), the ISSO serves as the principal advisor to Information System Owners regarding security posture. This role requires a "hands-on" governance approach, heavily utilizing the Assured Compliance Assessment Solution (ACAS) and standard DoD tooling to drive Continuous Monitoring (ConMon), validate compliance, and maintain active Authority to Operate (ATO) statuses without disrupting critical experimental research.
Duties & Responsibilities:
ISSO responsibilities include, but are not limited to:
RMF Lifecycle Management: Develop, maintain, and oversee RMF authorization packages (SSP, SAR, RAR, SAP, and POA&M) within systems of record (e.g., eMASS, Xacta) for standard enterprise and non-standard DARPA research environments.
ACAS Operations & Vulnerability Management: Execute credentialed and non-credentialed ACAS (Tenable.sc / Nessus) scans across connected and air-gapped networks. Analyze scan results to identify vulnerabilities, assess risk, and validate compliance against DoD baselines.
POA&M & Remediation Advisory: Translate complex ACAS scan results and DISA STIG findings into actionable mitigation strategies. Work directly with systems administrators and researchers to remediate vulnerabilities, track progress, and close POA&M items.
Continuous Monitoring (ConMon): Implement and oversee ConMon strategies. Review ACAS dashboards, audit logs (e.g., Splunk, Elastic), and system configurations to ensure ongoing compliance with NIST SP 800-53 controls.
Air-Gapped & Multi-Enclave Support: Facilitate secure data transfers, manual ACAS plugin/feed updates, and compliance validation for isolated, disconnected, and highly classified DARPA enclaves.
Security Assessments: Conduct routine compliance checks using SCC, STIG Viewer, and Evaluate-STIG. Support independent third-party assessments (e.g., CCRI) and ATO control validations.
Incident Handling: Coordinate with the Information Systems Security Manager (ISSM) and incident response teams to investigate security anomalies, audit anomalies, or classified data spillages.
Other
This is typical office or administrative work, and there is no exposure to adverse environmental conditions.
This position requires sedentary work. Sedentary work is defined as: Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.
Apavo Corporation provides equal employment opportunities to all applicants and employees and strictly prohibits any type of harassment or discrimination with regard to race, religion, age, color, sex, disability status, national origin, genetics, sexual orientation, protected veteran status, gender expression, gender identity, or any other characteristic protected under federal, state, and/or local laws.
Consistent with the Americans with Disabilities Act (ADA), it is the policy of Apavo Corporation to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process. If reasonable accommodation is needed, please contact Apavo Human Resources at hr@apavo.com or 571-407-0069.
Employment with Apavo Corporation is on an at-will basis, meaning either you or the Company can terminate the employment relationship, at any time, for any or no reason, and with or without cause or notice. As an at-will employee, your employment with Apavo Corporation is not guaranteed for any length of time.
Qualifications:
- Education/Experience: Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience) with 5–7+ years of experience acting as an ISSO or in a senior DoD RMF compliance role.
- Clearance: Active Top Secret clearance with SCI eligibility. (Willingness to undergo a Counterintelligence (CI) or Full-Scope Polygraph for SAP readiness is highly preferred.)
- DoD Directive: DoD 8570.01-M / 8140.03 compliant for IAM Level II or III (e.g., CAP, CISM, CASP+ CE, CISSP).
- ACAS Proficiency: Hands-on experience executing scans, interpreting vulnerability data, and managing asset lists in ACAS (Nessus / Tenable.sc). A current DISA ACAS Operator/Admin training certificate is highly desired.
- Framework Knowledge: Expert-level understanding of DoD RMF (DoDI 8510.01), NIST SP 800-53/800-37/800-171, and DISA STIG implementation.
- Tooling: Proven experience managing ATO artifacts in eMASS or Xacta. Proficient with SCC, STIG Viewer, and interpreting IAVA/IAVM notices.
- Communication: Exceptional written and verbal communication skills. Ability to act as a security liaison, balancing strict DoD compliance requirements with DARPA's flexible, fast-paced R&D mission needs.