Information Systems Security Officer (ISSO) chez SMX

SMX has an opening for an Information Systems Security Officer (ISSO) to support the Radio Integration Systems (RIS) team supporting a combatant command of the United States Department of Defense. The position is in Saint Inigoes, MD, at Webster Outlying Field (WOLF) and the ideal candidate will assist in the development, implementation, and maintenance of the organization’s cybersecurity program, ensuring the confidentiality, integrity, and availability of mission-critical systems and data.  As an ISSO you will work closely with system administrators, security personnel, and program managers to enforce compliance with DoD cybersecurity policies, RMF standards, and NIST guidelines. Responsibilities include supporting system accreditation, conducting vulnerability assessments, managing POA&Ms, and integrating security controls during hardware refreshes and field deployments. The ISSO will support an active operational team and may require occasional travel to support fielded systems and mission requirements.

This position requires a DoD secret security clearance which requires US citizenship for work on DoD contracts.

Application Deadline:  October 6, 2025

Essential Duties & Responsibilities

• Review, prepare, and update RMF, JSIG and AIS accreditation packages
• Identify vulnerabilities and implement countermeasures
• Notify customer when changes occur that might affect AIS accreditation/certification
• Perform self-inspections, provide security coordination and review of all system test plans
• Conduct thorough reviews of Checklist (CKL) files, Security Content Automation Protocol (SCAP) scans, EvalSTIG outputs, and Assured Compliance Assessment Solution (ACAS) results to validate system configurations against industry and DoD cybersecurity standards Identify and mitigate vulnerabilities to maintain compliance and reduce risk across all supported systems
• Utilize the Vulnerability Remediation Asset Manager (VRAM) to document, track, and report the status of security vulnerabilities specific to Network Radio Gateway Appliances (NRGA), ensuring timely remediation and alignment with operational security requirements
• Develop and maintain detailed Plan of Action and Milestones (POA&Ms) to address identified security gaps, coordinate remediation efforts, and support ongoing Risk Management Framework (RMF) compliance
• Perform comprehensive System Impact Analyses (SIA) to assess the integration of new hardware, software, and capabilities into existing authorization boundaries, ensuring that all changes are evaluated for security implications and properly documented within RMF artifacts

Required Skills & Experience

• Clearance Required: Secret
• Cybersecurity certification: Either: CompTIA Advanced Security Practitioner (CASP+), CompuGuard Risk Certified / Certified Accreditation Professional (CGRC/CAP), Certified Cloud Security Professional (CCSP), CompTIA Cloud Plus (Cloud+), Systems Security Certified Practitioner (SSCP), CompTIA Security Plus (Security+), or GIAC Security Essentials Certification (GSEC) is required before applying
• Experience with the NIST SP800-53 Security Controls
• Experience with the continuous monitoring of system security controls
• Must be able to build and maintain effective team and customer relationships
• Ability to manage multiple projects in a dynamic, demanding environment
• Knowledge of other security disciplines and how they impact and interact with information system security
• Possess strong communications, interpersonal relations, organizational, troubleshooting, and analytical skills
• eMASS experience
• Bachelor’s degree plus (3) three years of relevant work experience OR Associates degree plus (4) four years of additional work experience (7 years total) related to the applicable labor categories required experience may be submitted for a bachelor’s degree OR No degree plus (6) six years of additional work experience (9 years total) related to the applicable labor categories required experience may be substituted for a bachelor’s degree

Desired Skills & Experience  

• Prior experience serving as an ISSO supporting tactical systems, with a strong understanding of mission-driven cybersecurity requirements
• Extensive hands-on experience with vulnerability management and endpoint protection tools, including Nessus Security Center, McAfee ePolicy Orchestrator (ePO), and eSTIG automation platforms
• Proven expertise in navigating NISPOM and executing Risk Management Framework (RMF) certification and accreditation processes across classified and unclassified environments
• Demonstrated experience managing and securing classified information systems in compliance with DoD and agency-specific security protocols
• Ability to work independently with minimal supervision, while maintaining accountability and delivering high-quality results in dynamic operational settings
• Exceptional attention to detail and strict adherence to established security policies, procedures, and documentation standards
• Strong foundational knowledge of networking concepts and cybersecurity tools, including DISA Security Technical Implementation Guides (STIGs), Security Content Automation Protocol (SCAP), and various vulnerability scanning platforms
• Proficiency in Windows 10/11 administration and security hardening
• Experience configuring and securing Cisco compact switches, particularly in field-deployed or tactical environments
• Familiarity with stand-alone tactical systems and their unique security and operational constraints

#CJPOST #LI-KK1