Information Systems Security Officer; ISSO

Applied Research Associates (ARA), Inc. has an immediate need for an Information Systems Security Officer (ISSO) to support the Integrated Mission Systems (IMS) Sector on-site in Raleigh, NC. This position supports information systems operating across classified environments ranging from collateral, Secret through Top Secret/SCI, requiring a strong understanding of both enterprise RMF processes and controlled classified system operations.

The ISSO’s will support the Information System Security Manager (ISSM) in maintaining an appropriate operational security posture for multiple information systems and networks. This role blends hands-on technical security implementation with governance, risk, and compliance (GRC) responsibilities and requires the ability to operate independently, prioritize competing requirements, and provide authoritative security guidance in classified environments.

The ISSO’s Will Provide Mission-critical Support By

• Maintain and oversee the security posture of information systems operating in classified areas, including SCI environments, ensuring systems remain compliant throughout Authority to Operate (ATO) and Authority to Connect (ATC) life cycles.
• Lead and execute RMF activities including security control selection, tailoring, implementation, assessment, and continuous monitoring in accordance with DoDI 8510.01, CNSSI 1253, NIST SP 800-53, and applicable overlays.
• Develop, review, and maintain security authorization documentation including System Security Plans (SSP), POA&Ms, Continuous Monitoring Plans, Risk Assessments, and IA SOPs.
• Perform and oversee vulnerability assessments using Tenable Nessus, DISA Security Technical Implementation Guide (STIGs), and SCAP Compliance Checker, ensuring findings are documented, tracked, and remediated.
• Implement, validate, and monitor secure configurations for operating systems, network devices, and applications in accordance with DISA STIGs and approved baselines.
• Conduct periodic self-inspections, audits, and system reviews to verify compliance with approved security authorization packages and applicable regulatory guidance.
• Coordinate security-relevant changes to hardware, software, and firmware with the ISSM, system owners, and AO/DAO prior to implementation.
• Support compliance with DAAPM/DAAG, NISPOM, ICDs and other applicable government regulations and customer requirements.
• Collaborate with Facility Security Officers (FSO), Program Security Officers (PSO), system owners, and engineering teams to align operational needs with security requirements.

• US Citizen with an active DoD Secret clearance.
• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field with 2-4 years of ISSO, Information Assurance, or other GRC related-roles, equivalent professional experience (8-10 years) will be considered for talented candidates without a degree.
• Possess DoD Approved Baseline Certification as Information Assurance Manager Level I or IATT Level II in accordance with DoD 8570.01-M. (CompTIA Security+).
• Strong working knowledge of the Risk Management Framework (RMF) DODI 8510.01, CNSSI 1253, NIST SP 800-53, and DOD and IC Security regulations.
• Demonstrates years of experience supporting information systems within classified environments.
• Demonstrates years of experience conducting continuous monitoring, system audits, risk analysis, and POA&M management.
• Strong written and verbal communication skills and ability to brief leadership and technical teams.

• 2+ years’ experience as an ISSO, Information Assurance, or other GRC related role.
• Active DoD Top Secret clearance with SCI eligibility.
• Possess CISSP or CISM in addition to Baseline Certification.
• Experience with eMASS and/or XACTA.
• Experience using Splunk for data analysis, monitoring, and reporting.
• Strong background in Windows/Linux systems and network security.