Job Description
Job Opportunity:
Information System Security Officer (ISSO)
Company:
Signal Systems Corporation
Location:
Millersville, MD (in-office)
Security Clearance:
U.S. Citizenship Required; Ability to Obtain/Maintain DoD clearance
Reports To:
Information System Security Manager (ISSM)

The Mission

Signal Systems Corporation is seeking a mission-driven Information System Security Officer (ISSO) to safeguard our specialized networked environments. In this role, you will be the frontline defender for a small classified DoD information system, while also managing a secondary network dedicated to Controlled Unclassified Information (CUI). The ISSO serves as the primary technical administrator for company information systems and networks while supporting the Information System Security Manager (ISSM) in maintaining compliance with applicable DoD cybersecurity requirements.

Key Responsibilities

Security Controls Implementation and Maintenance:
Maintain the operational security posture for both a networked DoD Information System and a dedicated CUI network environment through the implementation and maintenance of security controls based on NIST SP 800-53, NIST SP 800-171, RMF requirements, and other security frameworks.
Execution of Procedures:
Implement and enforce the security plans and procedures authored by the ISSM to ensure adherence to DoD standards.
Audit & Continuous Monitoring:
Perform regular system audits, log analysis, and physical security checks to ensure no unauthorized changes or breaches have occurred. Monitor EDR, SIEM, and other security tools for alerts, anomalous activity, and indicators of compromise. Investigate and respond to potential security incidents as appropriate.
System Configuration & Vulnerability Management:
Develop and maintain secure configuration baselines throughout system lifecycle. Work with the ISSM to perform automated vulnerability scans and correct any identified deficiencies. Execute changes to information systems consistent with Configuration Control Board decisions.
Security Control Assessment / Audit Support:
Participate in periodic security control assessments, vulnerability assessments, penetration testing activities, and remediation efforts, as applicable. Validate that controls are operating as intended and maintain a robust collection of evidence. Support activities related to external security audits/assessments (e.g., C3PAO assessments, DIBCAC reviews, etc.) and the reporting of compliance metrics (e.g., SPRS scoring).
Risk Management:
Assist the ISSM in identifying, documenting, and mitigating information system risks. Participate in periodic risk assessments and provide recommendations regarding technical and procedural safeguards.
System & Network Administration:
Own the administration duties of system and network resources including, but not limited to, the following:
- Identity and access management for both logical and physical security
- Administering and maintaining network infrastructure, security appliances, and associated management systems
- Testing and applying software/firmware patches and updates
- Troubleshooting technical and operational issues
- System/data backups and testing
- Implementing and managing encryption
- Endpoint compliance oversight
- Performing log reviews and analysis
- Completing change management security reviews
POA&M Execution:
Carry out actions as required by Plans of Action & Milestones (POA&Ms) in a timely manner. Provide the ISSM with evidence needed to demonstrate closure of POA&Ms.
SSP Support:
Support the regular maintenance of all system security plans (SSPs) by participating in annual reviews and providing up-to-date information regarding security controls implemented, current system configurations, and other details as needed. Work with the ISSM to proactively update SSPs to reflect major changes in the environment such as personnel changes, changes in technologies, etc.
A&A Support:
Assist the ISSM in maintaining Assessment and Authorization (A&A) packages within eMASS, including artifact collection, control implementation evidence, remediation tracking, and package updates.
Incident Response & Reporting:
Primary responder to all incidents and outages involving the company's IT and network assets. Coordinate with the ISSM during incident response and reporting activities. Provide timely updates to the ISSM and executive leadership regarding ongoing response and recovery activities. Ensure accurate information is provided to the ISSM for incident reporting within the required timeframe as directed by DFARS 252.204-7012. Serve as a technical liaison with external parties, as needed, during incident response, investigation, and recovery. Ensure preservation of forensic evidence/logs as directed by the ISSM or other designated officials.
Physical Safeguarding:
Support the safeguarding of classified information systems, storage media, and associated physical security controls in coordination with the Facility Security Officer (FSO) and ISSM.
IT Vendor Management:
Serve as the primary liaison with third-party IT vendors such as ISPs, hardware/software providers, cloud service providers (CSPs), etc. Function as the main technical POC for the company's MSSPs.

Required Qualifications

Citizenship:
Must be a U.S. Citizen.
Security Clearance:
Active Secret clearance preferred. Must be eligible to obtain and maintain a DoD Secret clearance and be capable of meeting all requirements for access to classified information.
Education & Experience:
Bachelor's degree in Cybersecurity, Information Technology, Information Assurance, Computer Science, or a related field, plus 3+ years of relevant cybersecurity, information assurance, or systems administration experience; or an equivalent combination of education, professional certifications, and 7+ years of directly related experience supporting cybersecurity compliance, information systems security, or secure enterprise environments.
Certification:
Must possess an active CompTIA Security+ certification (or equivalent DoD 8140/8570-approved IAT Level II certification) at the time of hire or within 6 months of employment.
Compliance Knowledge:
Demonstrated experience implementing or maintaining security controls aligned with NIST SP 800-53, NIST SP 800-171, RMF, CMMC, or comparable information security frameworks. Experience supporting cybersecurity compliance activities, audits, assessments, or authorization efforts is highly desired.
Technical Writing:
Ability to provide clear, concise feedback to the ISSM regarding system performance and compliance gaps.

Preferred Skills & Experience

Classified Systems Experience:
Experience supporting classified information systems operating under NISPOM, RMF, and DCSA requirements is highly desirable.
DoD / Federal IT Experience:
Previous experience working with DoD or other Federal IT systems is strongly preferred.
DCSA Training:
Completion of coursework regarding the Risk Management Framework (RMF) for Contractors or other relevant courses.
STIG Excellence:
Familiarity with the SCAP Compliance Checker and manual STIG checklists.
eMASS:
Hands-on experience submitting and managing A&A packages using eMASS.
CMMC Experience:
Experience supporting CMMC Level 2 assessment preparation, evidence collection, control validation, POA&M management, or remediation activities.
Experience Protecting CUI:
Hands-on experience protecting Controlled Unclassified Information (CUI) through the implementation of NIST SP 800-171 controls.
System / Network Administration:
Experience serving as a system or network administrator, or in similar role, in a federal or highly regulated industry.
Operating Systems & Infrastructure:
Experience administering Windows Server, Active Directory, virtualization platforms, enterprise networking equipment, and endpoint security solutions.
Preferred Certifications:
CISSP, CASP+, CISM, CAP, CCP, or other advanced cybersecurity certifications.

Why SSC?

We are a dynamic and growing small defense contractor dedicated to delivering cutting-edge solutions to support the U.S. Department of Defense and other government agencies. Signal Systems' mission is to discover, develop, produce, and transition advanced acoustic sensor processing technology to help our defense customers keep their people safe. SSC has a 29-year history of expertise in acoustic sensors, active noise control, machine learning, and audio enhancement to provide innovative engineering solutions for both government and commercial customers. Our generous benefits, schedule flexibility, collegial relationships among staff, strong retirement program and dedication to supporting employees to find and grow into their niche within the company are important components of making SSC an excellent place to work. Our central location in Millersville, MD enables SSC employees to live in the Baltimore or Washington, DC metro areas, as well as scenic Annapolis and Maryland's Eastern Shore.

Signal Systems Corporation is an EO employer - Veterans/Disabled and other protected categories. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

Pay:
$115,000.00 - $170,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Flexible schedule
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Relocation assistance
- Tuition reimbursement
- Vision insurance
Application Question(s):
Are you a U.S. citizen?
Experience:
Cybersecurity, Information Assurance, or related: 3 years (Required)
License/Certification:
CompTIA Security+ (or equivalent) certification (Preferred)
Security clearance:
Secret (Preferred)
Work Location:
In person