Cybersecurity / ISSO SME (Remote)

Posted 4 days ago
$185k–200k / year
Remote
Full-Time
infosec
cloud-security

Description

Ibis Public Sector is seeking an Information Systems Security Officer (ISSO) to lead information security operations for a mission-critical DoD enterprise environment. This Cybersecurity Subject Matter Expert role is a key personnel position responsible for implementing the Risk Management Framework, ensuring continuous cybersecurity compliance, and managing the Authorization to Operate (ATO) lifecycle across cloud, SaaS, and PaaS assets.

What You’ll Do

  • Serve as the Information System Security Officer (ISSO) for a DoD enterprise infrastructure operating on Oracle Cloud Infrastructure (OCI), ensuring systems maintain valid ATOs and ATCs.
  • Lead and execute all RMF lifecycle activities, including SSP development and maintenance, Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms), and control assessments within eMASS.
  • Conduct continuous monitoring of cybersecurity controls aligned with NIST SP 800-53, DISA STIGs, FISMA, and DoDI 8510.01, maintaining systems in a constant state of compliance.
  • Oversee weekly STIG and vulnerability reporting, IAVM compliance coordination, and vulnerability remediation prioritization in adherence to JFHQ-DODIN timelines (Critical ≤7 days, High ≤21 days).
  • Manage and update POA&Ms within 10 business days of changes; submit monthly POA&M reports to stakeholders and integrate remediation tasks into Agile development workflows.
  • Direct and mentor the Junior Cybersecurity Analyst, delegating and reviewing vulnerability reporting, compliance documentation, and audit support activities.
  • Coordinate directly with the DMDC Authorizing Official (AO), ISSM, NIWC, and CSSP providers to support audits, CORA assessments, DoD IG reviews, and penetration testing activities.
  • Develop and maintain Privacy Impact Assessments (PIAs) and System of Record Notices (SORNs) in accordance with DoD privacy requirements.
  • Integrate cybersecurity scanning tools (ACAS/Nessus, Fortify SCC, OpenSCAP, Fortify, SonarQube) into CI/CD pipelines, enforcing shift-left security practices within the DevSecOps framework.
  • Maintain eMASS documentation including control implementation evidence, STIG checklists, and scan results mapped to applicable security controls.

Who You Are
