Information Systems Security Officer
Job description
We are seeking a part-time Information Systems Security Officer (ISSO) to support our DoD Mission Services team. The ISSO will be responsible for helping ensure the confidentiality, integrity, and availability of information systems supporting Department of Defense programs. This position requires strong knowledge of cybersecurity principles, the Risk Management Framework (RMF), and the Authorization to Operate (ATO) lifecycle.
The ISSO will initially support two systems through the ATO process, with the expectation of supporting additional systems as the program portfolio grows.
As a professional, the selected candidate will work independently to solve complex security challenges while collaborating with system owners, engineers, and program leadership to maintain compliance with DoD cybersecurity
- RMF & ATO Support - Serve as the primary cybersecurity lead for assigned systems, guiding system owners and engineering teams through the RMF lifecycle to achieve and sustain ATO authorization.
- System Security Documentation - Develop, maintain, and continuously refine the System Security and Privacy Plan (SSPP) and associated RMF artifacts, including control implementations, assessment documentation, and continuous monitoring evidence.
- Risk & Vulnerability Management - Manage the Plan of Action and Milestones (POA&M) to track and remediate identified security weaknesses. Analyze vulnerability scan results and perform security impact assessments for system changes.
- Continuous Monitoring - Execute continuous monitoring activities, including control validation, security posture evaluations, and coordination with system administrators and engineering teams.
- Security Assessments - Conduct and support security assessment activities, including internal audits and control evaluations, to ensure compliance with DoD cybersecurity policies and standards.
- Incident Response - Support the investigation, reporting, and mitigation of cybersecurity incidents, ensuring accurate documentation and coordination with program leadership and security stakeholders.
- Stakeholder Communication - Communicate complex cybersecurity requirements effectively to both technical and non-technical stakeholders to support compliance and mission success.
Requirements
- US Citizenship
- Ability to obtain and maintain a DoD security clearance.
- Bachelor's degree with 8+ years of experience or
- Master's degree with 6+ years of experience or
- PhD with 3+ years of experience
- RMF / ATO Experience
- Hands-on experience implementing the Risk Management Framework (RMF) and supporting ATO authorization for DoD or federal systems.
- Ability to work independently with minimal supervision while effectively collaborating with system owners, engineers, and program leadership.
Preferred Experience
- Experience supporting systems that process or store Controlled Unclassified Information (CUI) and familiarity with DoD cybersecurity compliance standards is highly desirable.
Technical Knowledge
- NIST cybersecurity frameworks and guidance (SP 800-53, SP 800-37)
- System security documentation and control implementation
- Network security principles and operating system security
- Problem Solving
- Demonstrated ability to analyze complex cybersecurity issues and apply sound technical judgment.
- CISSP - Certified Information Systems Security Professional
- CompTIA Security+
- CISM - Certified Information Security Manager
- CISA - Certified Information Systems Auditor
Clearance Level
TS/SCI
This position requires access to information that is subject to compliance with the International Traffic in Arms Regulations ("ITAR") and/or the Export Administration Regulations ("EAR"). In order to comply with the requirements of the ITAR and/or the EAR, applicants must qualify as a U.S. person under the ITAR and the EAR, or a person to be approved for an export license by the governing agency whose technology comes under its jurisdiction. Please understand that any job offer that requires approval of an export license will be conditional on AeroVironment's determination that it will be able to obtain an export license in a time frame consistent with AeroVironment's business requirements. A "U.S. person" according to the ITAR definition is a U.S. citizen, U.S. lawful permanent resident (green card holder), or protected individual such as a refugee or asylee. See 22 CFR § 120.15. Some positions will require current U.S. Citizenship due to contract, U.S. Citizenship is required. Secret or Top Secret clearance, or the ability to obtain a clearance is desired.