Information System Security Officer (ISSO)

External

Caci · Washington, DC

ContractOn-siteToday

ComplianceDocumentationEncryptionIncident ResponseInformation SecurityPenetration Testing

Cover Letter Connect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role

About the role

CACI is seeking an Information System Security Officer ( ISSO) who will oversee the cybersecurity posture of a mission-critical web-based application supporting an Intelligence Community customer, ensuring compliance with RMF, NIST 800-53, and other applicable government security requirements. This role is responsible for maintaining security documentation, supporting authorization activities, conducting risk and vulnerability assessments, managing access controls, monitoring security events, and responding to incidents within a classified environment. The ISSO will also collaborate with system administrators, developers, and government stakeholders to implement security controls, support continuous monitoring efforts, and integrate cybersecurity requirements throughout the system lifecycle.

Responsibilities

Develop, implement, and maintain the System Security Plan (SSP) and related authorization documentation for RM-Online, including continuous monitoring plans and incident response procedures.

Conduct regular risk assessments, vulnerability scans, and security control assessments to identify and remediate threats to classified information handled by the system.

Coordinate with ITD Lead on Certification and Accreditation (C&A) processes to achieve and sustain Authority to Operate (ATO) status on USG mission network.

Manage user access controls, authentication mechanisms, and audit logging aligned with USG mission network protocols, ensuring least privilege and role-based access.

Respond to security incidents, perform root cause analysis, and implement corrective actions within established timelines (e.g., 24-72 hours for critical incidents).

Provide security awareness training to system users and maintain compliance with USG security standards, including handling of classified data.

Support system updates, patches, and enhancements by evaluating their impact on security controls and integrating them without compromising the USG mission network environment.

Design and implement technical security architectures for RM-Online, ensuring secure integration with the agency's existing USG mission network infrastructure, including network segmentation, encryption protocols, and access control mechanisms.

Engineer and configure security controls (technical, operational, and management) as documented in the System Security Plan (SSP), ensuring alignment with NIST 800-53 baseline requirements and agency-specific security policies.

Conduct security engineering assessments during system development, deployment, and modification phases, identifying vulnerabilities and recommending mitigations prior to operational deployment.

Collaborate with development teams to incorporate security requirements into the Software Development Lifecycle (SDLC), including secure coding practices, threat modeling, and security testing (e.g., penetration testing, code reviews).

Implement and maintain cryptographic solutions, Public Key Infrastructure (PKI), and encryption standards for data at rest and data in transit within the classified environment.

Evaluate and integrate security patches, updates, and system changes, ensuring they do not introduce new vulnerabilities or degrade existing security posture.

Support the Certification and Accreditation (C&A) process by providing technical documentation, security test results, and remediation plans to achieve and sustain Authority to Operate (ATO) on USG mission network.

Monitor and analyze system logs, intrusion detection/prevention system (IDS/IPS) alerts, and security events to identify anomalies, investigate potential breaches, and recommend corrective actions.

Deliver technical security training and knowledge transfer to system administrators and end users as required to maintain operational security awareness.

Information System Security Officer (ISSO)

About the role

Responsibilities

Requirements

Benefits

Additional Information

Your Match

Company Intel

What employees say

Interested in this role?