Information System Security Officer

Job Summary

The Information System Security Officer 1 (ISSO) supports the continuous monitoring and authorization efforts of multiple classified information systems under the direction of the Information System Security Manager (ISSM). The ISSO performs a variety of technical and non‑technical cybersecurity functions and assumes ISSM responsibilities in the ISSM’s absence.

• Assist the ISSM in meeting their duties and responsibilities; assume ISSM duties when absent.
• Ensure systems are operated, maintained, and disposed of in accordance with security policies and the security authorization package.
• Attend required technical and security training related to assigned duties.
• Verify that all users possess the requisite security clearances, authorizations, and need‑to‑know before granting system access.
• Conduct periodic reviews of information systems to ensure compliance with the security authorization package.
• Coordinate changes or modifications to hardware, software, or firmware with the ISSM and AO/DAO before implementation.
• Formally notify the ISSM and AO/DAO of changes that might affect system authorization.
• Monitor system recovery processes to ensure security features and procedures are properly restored.
• Maintain current and accessible IS security‑related documentation for authorized personnel.
• Conduct Audits and Continuous Monitoring (Con Mon) activities using available technical and non‑technical processes; report findings and perform incident response steps as directed.
• Manage configuration baselines for hardware and software; identify system architecture flaws using industry standard tools (e.g., STIG, SCAP, Nessus) and forward findings to the ISSM.
• Perform other duties as assigned.

• Understanding of information security concepts such as RMF and DIACAP.
• Awareness of audit technologies or capabilities (e.g., Splunk, event viewer).
• Basic understanding of information technology.
• Awareness of network type designations (WAN, LAN) and associated infrastructure (servers, switches, firewalls).

• Bachelor's degree in Information Technology or a related field (equivalent industry experience may be substituted).
• 1–3 years of relevant industry experience required.
• Preferred experience with RMF (NIST SP 800-53, JSIG, DAAG, ICD-503), incident response, vulnerability management, SCAP, STIG, and security‑relevant tools.
• Ability to acquire an IAM I/IAT II Certification within 6 months of start date.

Applicants must obtain and maintain a government security clearance. Current in‑scope Top Secret security clearance is required.

City:
Cambridge, State:
Massachusetts, ZIP:
Base salary range: $75,000.00 - $ (range varies by location, role, experience, and skills).

Draper is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment. To request reasonable accommodation, please contact  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, national origin, veteran status, or genetic information.