Information System Security Officer, Senior (ISSO)

Overview

The Senior Information Systems Security Officer (ISSO) plays a critical role in supporting the CJIS Division's cybersecurity initiatives. This role focuses on implementing security frameworks, mitigating vulnerabilities, ensuring federal and agency compliance, and supporting secure system development practices within hybrid and cloud environments. By integrating advanced technical knowledge and risk management expertise, the ISSO safeguards CJIS systems, ensuring their confidentiality, integrity, and availability.

Aligned with Cayuse's core values, excellence, innovation, and collaboration, this position supports federal operations by providing proactive, reliable, and security-focused solutions to achieve federal cybersecurity objectives.

Responsibilities

• Oversee the implementation and enforcement of security policies and Security Assessment and Authorization (SAA) efforts, ensuring full compliance with federal guidelines and operational standards.
• Assist in the engineering, development, and integration of security requirements for new or modified systems, ensuring these systems meet security mandates.
• Perform advanced vulnerability assessments, penetration tests, and risk analyses using tools like Tenable Security Center, Splunk, and BigFix to identify weaknesses and recommend mitigation strategies.
• Collaborate with system owners and stakeholders to evaluate risks, develop mitigation strategies, and ensure system compliance with security policies and frameworks.
• Maintain expertise in security frameworks such as NIST RMF, OWASP, DISA, Common Criteria, and SANS Institute, applying these standards to ensure system controls remain robust.
• Support the Security Assessment and Authorization (SAA) processes for CJIS information systems by ensuring conformance with federal security policies, regulations (e.g., FISMA), and standards.
• Develop and maintain secure systems using CI/CD pipelines and virtualization strategies in cloud environments, including AWS, Microsoft Azure, and other cloud-based technologies.
• Monitor, identify, and respond to threats, incidents, and vulnerabilities, ensuring effective management of operational security for CJIS IT systems.
• Plan and conduct secure code reviews, system testing, and design assessments to verify alignment with security frameworks, policies, and technical controls.
• Maintain operational security tools and solutions, such as endpoint detection systems, audit logs, multi-factor authentication, and Zero Trust models, to support dynamic environments.
• Prepare and provide technical briefings, security plans, and risk assessment reports for stakeholders and leadership teams to support decision-making and compliance.
• Participate in Scaled Agile Framework (SAFe) workflows, embedding secure development practices and ensuring secure application lifecycles.
• Train and mentor junior ISSOs and peer professionals, fostering a culture of continuous improvement and knowledge sharing.

Qualifications

Minimum Education Requirements:

• Bachelor's Degree in Information Technology, Cybersecurity, or a related field (equivalent work experience may substitute for formal education).

• • Master's in Cybersecurity, Computer Science, or a related field, preferred

Minimum Experience Requirements:

• Minimum of 6+ years of hands-on experience in information security, including assessments, monitoring, and risk mitigation.

• Expertise with NIST Risk Management Framework (RMF) and federal compliance auditing tools and processes.
• Strong technical knowledge of networking, system administration, and secure system development techniques.

• 10+ years in cybersecurity, including advanced technical positions focused on cloud technologies and large-scale federal IT systems, preferred

Certification Requirements:

• Certified Information Systems Security Professional (CISSP) highly recommended.
• Cloud-based certifications, such as AWS Security or Microsoft Azure certifications, preferred.
• Advanced certifications (e.g., Certified Ethical Hacker [CEH], Cloud Security Alliance certifications), preferred
• CISSP specializations or virtualization certifications (e.g., VMware), preferred

Technical Skills:

• Expertise in Scaled Agile Framework (SAFe) and agile development environments.
• Experience with CI/CD pipeline management and cloud-based security architecture.
• Familiarity with advanced vulnerability management tools, including Tenable, Splunk, or similar.
• Exceptional ability to translate technical cybersecurity concepts for diverse audience levels.
• Familiarity with integrated tools like Jira, Azure DevOps, Confluence, BigFix, and Microsoft Defender.

Human Relationship Skills:

• Highly motivated and is at ease with handling or managing multiple tasks at any one time
• Self-starter with the ability to learn new tasks and skills.
• Strong organization and communications skills.
• Team Player

Additional Abilities:

• Must be able to pass a background check and additional background checks as required by projects and/or clients at any time during employment.
• Active Top Secret clearance

Other Duties: Please note this job description is not designed to cover or contain a comprehensive list of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Affirmative Action/EEO Statement: Cayuse is an Equal Opportunity Employer. All employment decisions are based on merit, qualifications, skills, and abilities. All qualified applicants will receive consideration for employment in accordance with any applicable federal, state, or local law.

Pay Range

USD $160,000.00 - USD $200,000.00 /Yr.