Information Systems Security Officer

Job Description:

Base-2 Solutions is seeking a dedicated and detail-oriented Information Systems Security Officer (ISSO) to join our team. Our ISSOs are responsible for ensuring the security posture of mission-critical systems by supporting compliance efforts, managing risk, and enforcing security policies. We're looking for individuals who excel at navigating complex cybersecurity environments, maintaining meticulous documentation, and fostering collaboration between technical teams and government stakeholders. The ideal candidate will have strong knowledge of security regulations, be adaptable, and possess excellent communication skills to drive information security initiatives forward.

Responsibilities:

• Ensures system compliance with federal, DoD, and IC cybersecurity regulations and standards, including NIST, ICD 503, CNSS, and RMF.

• Maintains and updates security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms), and Continuous Monitoring Plans.

• Coordinates and supports security assessments, audits, and inspections by internal and external stakeholders.

• Conducts risk assessments and vulnerability analysis, providing recommendations for mitigating identified risks.

• Facilitates and oversees system authorization activities in accordance with the Risk Management Framework (RMF) process.

• Monitors and reports on system security posture, incident response, and remediation efforts.

• Collaborates with Information Systems Security Engineers (ISSEs), system administrators, and program managers to integrate security requirements into system lifecycle.

• Provides security awareness training to system users and enforces proper security practices.

• Acts as a liaison between the organization and government customers, ensuring timely communication of security updates and issues.

Experience with some or all of the following:

• Security frameworks and policies: NIST SP 800-53, RMF, ICD 503, CNSS, DoD STIGs, FISMA, FedRAMP

• Experience managing security documentation: SSPs, POA&Ms, Security Controls Assessment (SCA) artifacts, SARs, SCTM

• Security tools such as ACAS, Nessus, Splunk, HBSS, eMASS, Xacta

• Knowledge of security technologies: Firewalls, SIEMs, VPNs, IDS/IPS, DLP, PKI, Multi-Factor Authentication

• Operating systems: Windows, Linux, Unix, macOS

• Experience with Cloud environments (AWS, Azure, Google Cloud) and cloud security controls

• Familiarity with Vulnerability scanning, Security testing, Incident response processes

• Collaboration tools like JIRA, Confluence, ServiceNow

• Strong knowledge of system authorization process, audit support, and compliance reporting

• Security certifications such as CISSP, CAP, Security , CISM, CEH, AWS Security Specialty