Information System Security Officer / ISSO

  • Full-time

Company Description

NXTKey provides commercial and government entities with the horsepower to drive their business machine faster and more efficiently to successful outcomes. To support our customers' needs, we excel at providing Cyber Security, Enterprise Information Management, ICT Consulting, Development, Project Management and Business Process Services and Solutions.

Job Description

Information System Security Officer / ISSO duties include:

  • Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation
  • Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm and other scan applications
  • Evaluation of the assigned information systems’ security control compliance with the federal requirements and the client’s monitoring strategy 

  • Management of emerging and defined risks associated with the administration and use of assigned information systems 

  • Coordination with the client’s Cybersecurity Unit to achieve and maintain the information systems’ compliance and authorization to operate (ATO) 

  • Ensuring systems are operated, maintained, and disposed of in accordance with policies outlined in the approved security authorization package 

  • Performing annual assessments to ensure compliance with the client’s policies and standards 

  • Serve as a member of the Configuration Control Board (CCB) to ensure configuration management for Cybersecurity-relevant software, hardware, and firmware is maintained and documented 

  • Ensuring information system security requirements are addressed during all phases of the information system lifecycle

  • Establishing audit trails, ensuring their review, and making them available while retaining audit logs in accordance with DOJ and component policies

  • Generate and interpret documentation needed to address the items detailed within the GRC tool

  • Work within a team environment to provide technically sound guidance in order to adhere to the cybersecurity industry best practices and the client’s monitoring strategy

  • Analyze collected information to identify vulnerabilities and potential for exploitation and effectively present the results and guidance derived from scans to system owners or other leadership, as required 

  • Effectively communicate orally and in writing to track and detail the demands, efforts, and shortcomings in meeting the goals of the client’s information system monitoring strategy 

  • Support the integration/testing, operations, and maintenance of systems security 

  • Develops, updates, and maintains internal Standard Operating Procedures for all internal assigned functions 

  • Aligns business processes and information technology strategy with the conditions and circumstances of the functional environment and establishes effective performance measures 

  • Contributes to the definition and implementation of planning processes and/or systems at the enterprise level including both strategic and operational activities 

  • Provides system operation support, administers hardware and software inventory 



Required Skills

• B.A. or B.S. in Computer Science or a related field
• System authorizations and configuration management
• Experience creating or modifying information security documentation
• Experience testing and documenting information security controls (NIST SP 800-53)

Additional Information

Active Public Trust clearance, adjudicated within the past 5 years.

Must have worked on US Federal Government Projects.