Job Description ECS is seeking an
Information Systems Security Officer to work in our
Fairfax, VA office.
ECS is seeking a detail-oriented Information System Security Officer (ISSO) to support cybersecurity operations for U.S. Navy information systems. The ISSO will work under the direction of the ISSM and program leadership to ensure systems meet DoD and Department of the Navy (DON) cybersecurity requirements under the Risk Management Framework (RMF).
The ideal candidate will have experience supporting Navy systems and maintaining RMF packages in eMASS, with familiarity across Navy environments such as NAVWAR, NAVAIR, NAVSEA, or Fleet Cyber Command.
- Support the implementation and maintenance of RMF in accordance with:
- DoDI 8510.01 (Risk Management Framework)
- DoDI 8500.01 (Cybersecurity)
- Assist in developing, updating, and maintaining RMF documentation, including:
- System Security Plans (SSPs)
- Security Control Traceability Matrices (SCTMs)
- Plan of Action & Milestones (POA&Ms)
- Continuous Monitoring artifacts
- Implement and validate security controls based on:
- NIST SP 800-53 Rev. 5
- NIST SP 800-37 Rev. 2
- Maintain and update system records in eMASS, ensuring accuracy and completeness
- Conduct routine security control checks and support formal Security Control Assessments (SCAs)
- Perform vulnerability management activities, including:
- Running and analyzing ACAS scans
- Applying and validating DISA STIGs/SRGs
- Tracking remediation actions to closure
- Monitor system security posture and support continuous monitoring (CONMON) activities
- Support incident response efforts in accordance with:
- DoDI 8530.01 (Cyber Incident Response)
- Navy Cyber Defense Operations processes
- Assist with audits, inspections, and cybersecurity reviews (e.g., FISMA, DON CIO inspections)
- Provide day-to-day cybersecurity support to system administrators, engineers, and developers
- Ensure proper configuration management and secure baseline enforcement across systems
Required Skills - Active Secret clearance (TS/SCI preferred)
- Bachelor's degree in Cybersecurity, Information Technology, or related field (or equivalent experience)
- 5-7+ years of cybersecurity experience, with ISSO or ISSO-support experience in a DoD/Navy environment
- Hands-on experience with RMF processes and artifacts
- Experience working in eMASS
- Working knowledge of:
- NIST SP 800-53 Rev. 5 controls
- NIST SP 800-37 Rev. 2 (RMF)
- DoDI 8500.01 / 8510.01
- SECNAV M-5239.1 (DON Cybersecurity Manual)
- Experience supporting Navy or DoD systems (e.g., NAVWAR, NAVAIR, NAVSEA, USMC)
- Familiarity with:
- DISA STIGs and compliance tools
- ACAS vulnerability scanning
- Endpoint security tools (e.g., HBSS/ESS)
- Must meet DoD 8140 (formerly 8570.01-M) IAT Level II or higher requirements, such as:
- Security+ (minimum)
- CySA+
- SSCP
- CASP+ (preferred)
Desired Skills - Experience supporting Navy RMF packages and ATO processes
- Familiarity with Platform IT (PIT) or afloat/shore-based Navy systems
- Experience in DevSecOps environments or Agile development teams
- Exposure to cloud environments (AWS GovCloud, Azure Government)
- Understanding of Zero Trust principles (DoD Zero Trust Strategy)
- Experience supporting continuous monitoring and POA&M management at scale
#ECS1
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3200+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
Never miss an opportunity! Create an alert based on the job you applied for.
