What are the responsibilities and job description for the Information Systems Security Officer (ISSO) position at Radiance Technologies?
Radiance Technologies, a 100% employee-owned company, is seeking an Information Systems Security Officer (ISSO) to support cybersecurity operations for an organization within the US Army Space and Missile Defense Command Technical Center. The ISSO will assist in safeguarding DoD information systems, ensuring cybersecurity compliance, and implementing DoD cyber policies and standards throughout system lifecycles. This position requires deep knowledge of cybersecurity principles, DoD cybersecurity documentation, and proactive risk management in support of secure system integration and sustainment.
Responsibilities
Responsibilities
- Primary duties will be producing, developing, and maintaining all security authorization documentation—to include the System Security Plan (SSP), Plan of Action and Milestones (POA&M), Security Assessment Plan, and other artifacts required for the Security Authorization Package. This individual will be responsible for preparing and submitting the complete package to the Authorizing Official (AO) through the Security Control Assessor (SCA).
- Support Information Systems Security Managers (ISSMs) in executing cybersecurity responsibilities across assigned systems.
- Implement and enforce DoD cybersecurity policies and procedures for Information Systems (IS) and Platform IT (PIT) systems.
- Verify users possess the appropriate security clearances, access authorizations, and are trained in cybersecurity responsibilities before accessing DoD systems.
- Coordinate with ISSMs to initiate corrective actions or protective measures in response to cybersecurity incidents or vulnerabilities.
- Ensure proper reporting channels exist and are followed for all cybersecurity threats and events.
- Maintain up-to-date cybersecurity-related documentation and ensure accessibility to authorized users.
- Review and analyze reports from penetration tests, static code analysis, and vulnerability scans.
- Analyze network architecture, data flows, organizational charts, and personnel assignments for potential cybersecurity vulnerabilities.
- Participate in continuous improvement of system security postures and assist in securing custom-developed applications.
- Perform other duties as assigned.
- Strong understanding of DoD cybersecurity regulations, standards, and tools.
- Experience with RMF, vulnerability management, system hardening, and secure coding practices.
- Excellent communication and coordination skills across functional teams.
- Ability to assess, document, and mitigate cybersecurity risks in complex environments.
- U.S. Citizenship and active Top Secret/SCI clearance.
- It is essential the candidate has worked with accrediting special access required information systems as the nuances between it and collateral systems differ.
- DoDM 8140.03 Work Role Code 722 (Information Systems Security Manager), Intermediate Level.
- At least 5 years of experience supporting the full cybersecurity life cycle for DoD systems.
- At least 5 years of progressively complex experience in developing, integrating, and implementing cybersecurity and program protection standards for networks, computing environments, and application development.
- Hold at least one of the following: Security , SSCP, GSEC, Cloud , CGRC (CAP), CCSP, CASP , CCISO and supported with required continuing education since issuance.
- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Information Systems, Data Science, or Software Engineering.
- Candidates possessing advanced certifications to meet Information Assurance Technical Level 3 certifications (CASP CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP) will be given preference.
- Experience with ATO packages, RMF documentation, vulnerability assessments, and continuous monitoring.
- Familiarity with DoD cyber compliance tools such as ACAS, eMASS, and HBSS.
- Experience with securing custom application development environments and DevSecOps practices.
