Cleared Information System Security Officer (ISSO) — L3
Description

Are you looking to take the next steps in your career as an Information System Security Officer (ISSO) — Level 3? Let's chat and see if we are a good match!


Opportunity:
Virtual Service Operations is searching for an Information System Security Officer (ISSO) to join our dynamic team in Lorton, Virginia. The Information System Security Officer (ISSO) is responsible for supporting the cybersecurity, compliance, and risk management activities of DoD information systems operating within classified and/or controlled environments. The ISSO works closely with the Information System Security Manager (ISSM), system administrators, engineers, program managers, and government stakeholders to ensure systems maintain compliance with applicable cybersecurity policies, including the Joint Special Access Program (SAP) Implementation Guide (JSIG), DoD Risk Management Framework (RMF), and applicable Intelligence Community (IC) and DoD directives. The ISSO assists in the implementation, assessment, monitoring, and maintenance of security controls to support Authorization to Operate (ATO) activities and continuous monitoring requirements.


Key Responsibilities: 


ISSM Support & Core Security Authorities:

  • Assist the ISSM in meeting their duties and responsibilities, and assume ISSM responsibilities in the ISSM’s absence.
  • Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures outlined in the security authorization package.
  • Verify that all users possess the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities prior to being granted access to the system.
  • Report all security-related incidents to the ISSM.
  • Conduct periodic reviews of information systems to verify continued compliance with the security authorization package.
  • Serve as a member of the Configuration Control Board (CCB) when designated by the ISSM.
  • Coordinate any changes or modifications to system hardware, software, or firmware with the ISSM and Authorizing Official/Designated Authorizing Official (AO/DAO) prior to implementation.
  • Formally notify the ISSM and AO/DAO when changes occur that might affect the system’s security authorization.
  • Monitor system recovery processes to confirm security features and procedures are properly restored and functioning correctly.
  • Maintain an equivalent IAM Level 2 certification based on the DoD 8140 standard.
  • Participate in joint agile backlog planning, providing feedback to the software development and infrastructure teams on high- and medium-risk items that require Information System Owner approval.

Cybersecurity Compliance & RMF Support:

  • Support the implementation and maintenance of cybersecurity requirements in accordance with JSIG, RMF, and applicable DoD policies. 
  • Assist in developing, maintaining, and updating RMF documentation including:
      • System Security Plans (SSPs)
      • Security Control Traceability Matrices (SCTMs)
      • Plans of Action and Milestones (POA&Ms)
      • Security Assessment Reports (SARs)
      • Continuous Monitoring Plans
  • Ensure security controls are implemented and maintained in accordance with approved security baselines. 
  • Support security authorization efforts throughout the RMF lifecycle. 

Continuous Monitoring & Vulnerability Management:

  • Conduct continuous monitoring activities to maintain system authorization. 
  • Review and analyze vulnerability scan results from tools such as ACAS. 
  • Track remediation efforts and validate closure of identified vulnerabilities. 
  • Assist with risk assessments and development of mitigation strategies. 
  • Monitor system changes for security impact and support configuration management activities. 

Security Operations:

  • Coordinate and support security audits, inspections, and assessments. 
  • Maintain security-related records, reports, and artifacts required for compliance reviews. 
  • Investigate and document cybersecurity incidents and assist with incident response activities. 
  • Ensure audit records are collected, reviewed, retained, and documented in accordance with security requirements, including any identified anomalies. 
  • Verify proper implementation of system hardening standards and security configurations. 
  • Work with information system security engineers to ensure secure system configurations. 
  • Review proposed system changes and evaluate security implications. 
  • Validate compliance with approved configuration baselines.
  • Support enforcement of least privilege and separation of duties principles. 
  • Provide security guidance to system users and administrators.  

Documentation & Reporting:

  • Maintain accurate cybersecurity documentation and records, ensuring all IS security-related documentation is current and accessible to properly authorized individuals. 
  • Prepare reports and briefings for program leadership, ISSM, and government representatives. 
  • Support internal and external cybersecurity assessments. 
  • Maintain evidence required for audits and authorization activities. 

Required Qualifications:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or related field (or equivalent experience). 
  • 5+ years of cybersecurity, information assurance, or information systems security experience. 
  • Experience supporting DoD RMF processes and cybersecurity compliance efforts. 
  • Working knowledge of:
      • JSIG requirements and security artifacts
      • NIST SP 800-53 security controls
      • DoD RMF processes
      • STIG implementation and compliance
      • Vulnerability management processes
  • Active TS/SCI clearance 
  • Current DoD 8570/8140 compliant certification such as: CISA, CASP+, CISSP, CISM 

Preferred Qualifications:

  • Experience supporting SAP, SCI, or other classified environments. 
  • Experience with Windows, Linux, and virtualized environments. 
  • Familiarity with Cross Domain Solutions (CDS). 
  • Experience with ACAS, Splunk, Tenable, Trellix ePO or similar cybersecurity tools. 
  • Knowledge of cloud security requirements within DoD environments. 
  • Experience supporting security assessments and authorization packages. 
  • Strong understanding of cybersecurity principles and risk management practices. 
  • Ability to interpret and apply JSIG and DoD cybersecurity requirements. 
  • Excellent analytical and problem-solving skills. 
  • Strong written and verbal communication skills. 
  • Ability to work independently and collaboratively in a mission-focused environment. 
  • Strong attention to detail and documentation accuracy. 


Requirements
  • Must be within driving distance of Lorton, VA OR willing to relocate there (Relocation Assistance Package Available)
  • Must be willing to work onsite (This role may include the need to work outside of core hours on high priority investigations and may also include on-call responsibilities)
  • Active TS/SCI clearance required.
  • Current DoD 8570/8140 compliant certification such as CISA, CASP+, CISSP, or CISM.
  • Strong written and verbal communication skills with excellent attention to detail and documentation accuracy.
  • Ability to work independently and collaboratively in a mission-focused environment.
  • Must be willing and able to travel frequently

What is Important to Us:

  • You are an excellent communicator in writing and speaking.
  • You have the ability to work independently but also value teamwork.
  • Your problem-solving skills are excellent.
  • You are looking for a job where performance appraisals occur regularly, and you look forward to advancing your career.
  • You seek a community of virtue-centered co-workers and clients.

What we offer you: As part of the VSO company, you will be part of a virtue-centered team who value their work and teammates. This is a no-jerk zone. We provide ongoing learning and development opportunities to foster continuous growth. We offer competitive salaries, health benefits, and flexible work arrangements.


More About VSO: VSO is a hybrid cloud and managed services consulting firm. Much of VSO’s success can be attributed to our deep partnerships with IT services industry leaders such as AWS, IBM, Microsoft and others. VSO leverages numerous other partner relationships to provide our customers with optimal support. Additionally, we take pride in taking care of our employees. We offer a wide variety of benefits for eligible employees related to health, retirement, professional development, and more! For more information, please visit our website at https://vso-inc.com/careers

Salary Description
$140,000 - $180,000