The selected candidate will not be required to be in the office in Vicksburg every day but must be within driving distance of Vicksburg for regular onsite team meetings and in person work sessions.

Overview

We are seeking a Cybersecurity Specialist with DoD Information Systems Security Officer (ISSO) level experience to support the cybersecurity compliance, authorization, and continuous monitoring of classified and/or unclassified DoD information systems. The ISSO will execute Risk Management Framework (RMF) activities, maintain system security documentation in eMASS, and collaborate with system owners, engineers, and ISSMs to ensure systems remain compliant with DoD cybersecurity requirements.

Key Responsibilities

• Serve as the primary cybersecurity compliance lead for assigned information systems under DoD RMF.
• Develop, update, and maintain RMF artifacts including (as applicable): SSP, SAP, SAR, POA&M, RAR, control implementation statements, and supporting evidence.
• Manage and track RMF workflow in eMASS: package creation, control inheritance, artifact uploads, POA&M management, and status reporting.
• Coordinate and support ATO activities, including preparation for assessor interactions and facilitating remediation of findings.
• Perform and document continuous monitoring activities: periodic control assessments, configuration compliance checks, vulnerability tracking, and audit log review coordination.
• Support security control implementation and validation for NIST SP 800-53 controls (aligned to applicable DoD baselines).
• Participate in change management: evaluate security impact of system changes, update documentation, and coordinate reauthorization actions as required.
• Review security scans and artifacts (e.g., ACAS/Nessus outputs, SCAP results, STIG checklists), validate remediation actions, and ensure results are reflected in POA&Ms.
• Ensure systems meet applicable DoD/Federal requirements (e.g., DoD RMF policy, NIST guidance, DISA STIGs, platform hardening requirements).
• Provide cybersecurity guidance to system owners and technical teams on control implementation, documentation, and audit readiness.
• Produce metrics and executive-level reporting on compliance status, risk posture, POA&M trends, and ATO timelines.

Required Qualifications

• 3+ years (adjust as needed) of cybersecurity / information assurance experience supporting DoD information systems.
• Demonstrated hands-on experience executing RMF end-to-end and managing packages in eMASS.
• Working knowledge of:
• NIST SP 800-53 security controls and assessment processes
• DoD RMF process, ATO lifecycle, and continuous monitoring expectations
• DISA STIGs, SCAP, vulnerability management processes
• Experience creating and maintaining RMF documentation (SSP, POA&M, SAR/SAP, etc.) and coordinating evidence collection.
• Strong communication skills; ability to translate compliance requirements into actionable tasks for technical teams.
• Ability to manage multiple systems and competing deadlines in a structured, detail-oriented way.

Preferred Qualifications

• Experience supporting classified systems, cross-domain solutions, or mission systems.
• Familiarity with ACAS, HBSS/ESS, endpoint security tooling, SIEM workflows, and audit log review processes.
• Experience with control inheritance, overlays, and boundary/architecture documentation for complex environments.
• Understanding of FedRAMP Moderate/High or CNSSI 1253 alignment (where applicable).
• Prior work with assessors/3PAOs, SCA-V, or internal assessment teams.

Certifications (Required or Preferred — choose what fits)

• IAT/IAM compliant certification (per contract), such as:
• Security+ CE, CySA+, CASP+, CISSP, CISM (or equivalent)
• Additional preferred: CAP, CISSP-ISSEP, CCSP, vendor-specific security certs.

Clearance

• Active DoD Secret clearance required.
• Must be able to obtain and maintain required clearance and access.

Work Location

• Onsite / Hybrid / Remote: Hybrid
• Duty location: Within driving distance of Vicksburg, MS

What Success Looks Like

• RMF packages are accurate, audit-ready, and current in eMASS.
• POA&Ms are actionable, tracked, and trending down over time.
• System teams clearly understand security requirements and implement controls efficiently.
• ATOs are achieved and maintained with minimal disruption to mission.