Information Systems Security Administrator (ISSA)

Position Overview

The Information Systems Security Administrator (ISSA) is responsible for supporting the security, compliance, and operational integrity of organizational information systems. This role bridges IT operations and cybersecurity, ensuring systems are configured, monitored, and maintained in accordance with regulatory frameworks such as CMMC, NIST 800-171, and organizational security policies. This role is critical to maintaining the organization's cybersecurity posture and regulatory compliance, ensuring protection of Controlled Unclassified Information (CUI) and supporting mission-critical operations.

The ISSA will report to the Digital Technology Manager. The position requires a full-time work week spent in the office or hybrid with 3 days onsite. Normal hours are Monday through Thursday 7:00am-4:30pm and Friday 7:00am – 12:00pm. (Must be flexible to work additional hours as needed based on project requirements and deadlines.)

Key Responsibilities

• Support implementation and maintenance of cybersecurity controls aligned with CMMC, NIST 800-171, and other applicable frameworks
• Monitor systems and environments for security events, vulnerabilities, and compliance gaps
• Assist in maintaining system security plans (SSP), policies, procedures, and supporting documentation
• Administer user access controls, account provisioning/deprovisioning, and least privilege enforcement
• Support endpoint and mobile device management (e.g., Microsoft Intune, MAM/MDM policies)
• Assist with incident response activities, including investigation, containment, and reporting
• Conduct routine system audits, vulnerability scans, and remediation tracking
• Ensure secure configuration, patching, and hardening of systems and applications
• Support implementation and monitoring of MFA, encryption, and data protection controls
• Collaborate with IT and business units to ensure secure system integrations and operations
• Assist with third-party/vendor security reviews and compliance requirements
• Support internal and external audits, assessments, and C3PAO readiness efforts

Skills and Qualifications Required

• Bachelor's degree in Information Technology, Cybersecurity, or related field (or equivalent experience)
• 3 years of experience in system administration, cybersecurity, or compliance-focused IT roles
• Working knowledge of cybersecurity frameworks (CMMC, NIST 800-171, NIST 800-53)
• Experience with Microsoft 365 (GCC preferred), Azure AD, and endpoint management tools (Intune)
• Familiarity with vulnerability management, patching processes, and system hardening
• Understanding of access control, authentication (MFA), and identity management
• Strong attention to detail and compliance mindset
• Ability to balance security requirements with operational needs
• Effective communication across technical and non-technical teams
• Proactive problem-solving and continuous improvement approach documentation and organizational skills
• S. Citizenship is required. Candidates must be eligible to obtain and maintain a U.S. Government security clearance, if required for the position.

Preferred Qualifications

• Experience supporting CMMC Level 2 environments or similar regulated environments
• Familiarity with tools such as Microsoft Defender, SIEM platforms, and compliance tools (e.g., IntelliGRC)
• Relevant certifications (Security , CySA , CISSP, or similar)
• Experience with audit preparation and evidence collection

Physical Requirements

• Prolonged periods sitting at a desk and working on a computer
• Must be able to lift up to 30 pounds at times.
• Must be able to access and navigate each department at the organization's facilities.

The MSI Operating Code

Every employee at MSI is expected to operate in accordance with the MSI Operating Code. These seven principles define how we think, decide, and execute. They are not aspirational. They are the working standard by which all employees are evaluated.

The Seven Principles

• Own It. If a problem touches your function, it is yours until it is solved or explicitly transferred. Do not wait. Do not delegate upward. Do not hide behind process. Ownership means driving to resolution, not monitoring status.
• Kill the Wrong Fight. Before optimizing a solution, question whether the problem is yours to solve. If an opportunity requires MSI to become something we are not, kill it fast. The discipline to say no is what protects our ability to say yes to the right things.
• Move Before You're Told. Speed is MSI's compounding advantage. We move when directionally correct and adjust in motion. Leaders who wait for permission are not leading. We would rather correct a fast decision than wait for a perfect one.
• Solve Before You Contract. Prove the integration works before formalizing the relationship. Capability first, paperwork follows. Working capability is the strongest negotiating position and the most honest form of business development.
• Integrate First. MSI's moat is not any single technology. It is the ability to integrate modular systems faster and more effectively than anyone else. Every decision should reinforce our position as the integration hub.
• Say It Now. Silence is not alignment. If you disagree, say so, with data, with reasoning, and with an alternative path. Passive execution is institutional risk.
• Build Beyond Yourself. If your function depends on your presence to operate, you have not built anything. Develop your people. Document your processes. Create depth that survives your absence.

Benefits

• 401(k) with employer match
• Dental Insurance
• Disability Insurance
• Health Insurance
• Vision Insurance
• Paid Parental and Maternity Leave
• Life Insurance
• Paid Time Off – 120 hours per year to start (prorated in first year of employment)
• Continuing Education
• Annual Year End Paid Holiday Closure

Classification

• Position is full-time, Exempt

MSI Defense Solutions is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, race, color, religion, national origin, age, marital status, political affiliation, sexual orientation, gender identity, genetic information, disability or protected veteran status. We are committed to providing a workplace free of any discrimination or harassment.