Information Security Officer

P3S Corporation
Box Elder, United States of America
yesterday

Role details

Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Senior
Compensation: $75K

Job location

Box Elder, United States of America

Tech stack

Microsoft Windows
Business Systems
Software Documentation
Computer Security
Information Systems
Databases
Linux
Federal Information Processing Standards (FIPS)
Firmware
Network Security
Security Content Automation Protocol
Software Vulnerability Management
SC Clearance
Information Technology
Patch Management
Nessus
Vulnerability Analysis

Job description

The ISSO will serve as the day-to-day cybersecurity steward for assigned Air Force Financial Management systems within the DAF FM AO boundary. The role supports RMF lifecycle execution, ATO package maintenance, continuous monitoring, vulnerability tracking, system security documentation, user access reviews, STIG/IAVA compliance, and incident reporting. The ISSO works under the ISSM and supports the AO/AODR in maintaining compliant, secure, and audit-ready systems. The uploaded SOW specifically requires RMF lifecycle support, authorization artifacts including SSP, RAR/RARS, POA&Ms, eMASS and ITIPS support, vulnerability management, and Secret clearance for ISSO/ISSM personnel.

Key Duties

The ISSO will:

RMF / Authorization

  • Support AO, AODR, ISSM, system owners, and program offices through all RMF phases.
  • Maintain ATO packages, including SSP, SAR/RAR, RARS, POA&M, control implementation evidence, inheritance documentation, and continuous monitoring artifacts.
  • Update and sustain eMASS and ITIPS records for assigned systems.
  • Ensure systems are operated, maintained, and disposed of in accordance with their authorization boundary and approved security authorization.

Continuous Monitoring

  • Conduct periodic control reviews and self-assessments.
  • Monitor control compliance, log review, audit activity, and security-relevant events.
  • Report system security posture, significant changes, anomalies, and risk items to the ISSM.

Vulnerability / STIG / Patch Management

  • Support vulnerability scans, risk analysis, mitigation planning, and remediation tracking.
  • Track STIG findings, IAVA/IAVB/IAVT compliance, patch status, and POA&M milestones.
  • Coordinate remediation with system owners, administrators, database teams, and program offices.
  • Use DISA STIGs/SRGs as the baseline source for hardening and compliance validation.

Configuration and Change Management

  • Review hardware, software, firmware, and architecture changes for cybersecurity impact.
  • Maintain current hardware/software inventories.
  • Coordinate with the ISSM before changes are implemented.

User Access / Account Management

  • Enforce least privilege, need-to-know, privileged-user documentation, and periodic account reviews.
  • Validate cybersecurity awareness and privileged-user training completion.

Incident Response

  • Identify, document, and report cybersecurity incidents, and preserve the associated evidence.
  • Coordinate with the ISSM, Wing Cybersecurity Office, AFCYBER, and other reporting channels as required.

Required Knowledge / Systems

  • RMF under DoDI 8510.01 and Air Force RMF processes.
  • DoDI 8500.01, DoD 8140/8570 transition, AFI 17-101, NIST SP 800-53, CNSSI 1253, FIPS 199.
  • eMASS, ITIPS, STIG Viewer, ACAS/Nessus, SCAP, HBSS/ESS, POA&M tracking, vulnerability dashboards.
  • ATO packages, SSPs, SAR/RAR, RARS, POA&Ms, control evidence, continuous monitoring plans.
  • IAVA/IAVB/IAVT tracking.
  • Windows/Linux baseline security, network security, privileged access, audit/log review.

Requirements

  • Bachelor's degree in cybersecurity, information technology, computer science, information systems, or related field preferred.

  • 4-7 years of cybersecurity, RMF, IA, ISSO, system security, or DoD compliance experience.
  • Direct Air Force or DoD RMF experience strongly preferred.
  • Experience supporting financial management systems, ERP systems, or mission/business systems preferred.

Certifications

Recommended minimum:

  • Security+ CE, CySA+, GSEC, SSCP, CAP/CGRC, or equivalent DoD 8140-aligned qualification.

Preferred:

  • CGRC/CAP, CISSP, CISM, CASP+/SecurityX, GSLC, or other DoD 8140-approved certifications.

DoD Manual 8140.03 is the current qualification framework for DoD cyberspace workforce roles, and DoD maintains qualification matrices for approved certification/training alignment.

  • Bachelor's (Preferred)
  • Cybersecurity, RMF, system security, or DoD compliance: 5 years (Preferred)
  • ISSO: 5 years (Preferred)
  • RMF under DoDI 8510.01 and Air Force RMF processes: 5 years (Preferred)
  • DoDI 8500.01, DoD 8140/8570 transition, NIST SP 800-53: 5 years (Preferred)
  • eMASS, ITIPS, STIG Viewer, ACAS/Nessus: 5 years (Preferred)
  • SCAP, HBSS/ESS, POA&M tracking, vulnerability dashboards: 5 years (Preferred)
  • ATO packages, SSPs, SAR/RAR, RARS, POA&Ms: 5 years (Preferred)
  • Windows/Linux, network security, audit/log: 5 years (Preferred)

License/Certification:

  • Security+ CE, CySA+, GSEC, SSCP, CAP/CGRC (Preferred)

Benefits & conditions

Ellsworth AFB, SD 57706. Hybrid work. $51,098.84 - $75,000.00 a year. Full-time.

  • Referral program
  • 401(k)
  • 401(k) matching
  • Health insurance
  • Dental insurance
  • Vision insurance
  • Life insurance
  • Employee assistance program
  • Paid time off
