Direct Report to Program Manager
Our organization is seeking an experienced Senior Information Systems Security Officer (ISSO) to
help protect our client’s data from unauthorized access. We are a woman-owned small business
(WOSB) located in Chantilly, VA. This role is onsite (at the client’s site) in Scottsdale, AZ. This is a
risk management role that involves mitigating the effects of security breaches. In this role, you will
develop, implement, and test information security measures. In addition to protecting our IT infrastructure
through security updates and firewalls, you will monitor employee access to our networks and databases,
ensuring that employees have the proper level of clearance and are compliant with our security measures.
Our ideal candidate is a CISSP or CISM with 5-10 years of experience in information technology or
This will also include physical and environmental protection, personnel security, incident handling, and
security training and awareness. You will be required to work in close coordination with the ISSM and ISO
in monitoring the information system(s) and its environment of operation, including developing and
updating the authorization documentation and implementing configuration management across authorization
boundaries. This will include assessing the security impact of those changes and making
recommendations to the ISSM.
Work in close collaboration with the Information System Security Manager (ISSM), the Chief Information Security Officer (CISO) staff, and the Information System Owner (ISO)
Create and maintain existing information system security documentation, including SSP, SCTM, and Risk Management Framework (RMF) Body of Evidence
Ensure the appropriate operational security posture is maintained for assigned information systems
Prepare system documentation for assessment in accordance with RMF and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions; track findings with Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance
Conduct periodic and continuous monitoring of the system to ensure compliance with the authorization package
Work with the cybersecurity team to perform basic system administration and maintain various cybersecurity tools, including audit collection and reporting systems, vulnerability management programs, and other continuous monitoring capabilities
Participate in the change management process, including reviewing change requests and assisting in the assessment of security impact of proposed changes
Conduct daily, weekly, and monthly audit reviews and management of the audit collection system for assigned systems, boundaries, and components
Work on project teams responsible for engineering and packaging releases to integrate within the customer's production IT environment
Communicate well, both verbally and in writing, with both government and industry audiences
DoD 8570.1 / DoD 8140.01 certification (IAT Level II, IAM Level II, IASAE Level II)
Bachelor’s degree (preferably in IT, Cybersecurity, Computer Science, Information Systems Management, Engineering, or similar field of study) and 4+ years’ experience with information networks and related security concerns; or a Master’s degree with 2+ years’ experience
Strong background and extensive experience with RMF, ICD 503, NIST SP 800-53, JSIG or DJSIG
Knowledge of current authorization practices, particularly within the DoD.
Experience with security efforts related to modern Windows, Cloud computing, Linux, UNIX, Cisco, SQL or Oracle databases, and virtual computing.
Experience implementing and using various cybersecurity tools including vulnerability assessment, patch management, audit collection, audit review, audit management, and end-point protection
Security Clearance Requirements
U.S. citizenship and secret clearance required
The position is onsite with client in Scottsdale, Arizona. SASSI office is located in Chantilly, VA.
Commensurate with experience
Competitive benefits package including health and dental insurance, short-term and long-term
disability, life insurance, vision insurance, 2-week sabbatical after 5 years of employment and $5K bonus,
flexible work schedule in a remote (in person 1x a month) format, and paid time off.
How to Apply
Please email your resume and application to firstname.lastname@example.org and include the
words “Job Inquiry” in the subject line and a brief summary of your qualifications for the position in the
body of the email.