Information Systems Security Officer (ISSO), Network Security, TS/SCI

Information Systems Security Officer (ISSO), Network Security, TS/SCI Data Systems Analysts, Inc. - 3.2 Norfolk, VA Job Details 16 hours ago Qualifications Authentication Document compliance management Vulnerability scanning implementation

CCNP NIST SP 800-53

Technical documentation Cisco Nexus CCNA IT system monitoring Configuration management Network infrastructure Network configuration for security systems DHCP Network scanners Computer hardware DoD 8570 DNS Vulnerability management VPN management IAT CompTIA Security+ IAT Level II Vuls IT security monitoring Full Job Description All hired employees are expected to have experience with Microsoft Copilot and / or an approved equivalent AI solution. Description Data Systems Analysts, Inc. (DSA) is seeking a TS/SCI cleared Information System Security Officer (ISSO), Network Security to support enterprise network systems in a secure DoD environment. The Network ISSO will support cybersecurity compliance, Risk Management Framework (RMF), vulnerability management, DISA STIG validation, continuous monitoring, and authorization sustainment for Cisco based network infrastructure. The Network ISSO will work closely with network engineers, cybersecurity staff, ISSMs, ISSEs, system owners, and mission partners to ensure network systems remain secure, compliant, documented, and operationally effective. This role is suited for a technical ISSO with experience in RMF, ACAS, eMASS, POA&Ms, firewall rule reviews, ports and protocols, vulnerability remediation, and secure network operations. This position is onsite in Charlottesville, VA. Responsibilities Support cybersecurity compliance, risk management, and continuous monitoring for enterprise network systems. Review and validate security configurations for Cisco routers, switches, firewalls, and related network infrastructure. Support

DISA STIG

validation, SCAP benchmarks, security baselines, and device hardening requirements. Conduct, review, and validate vulnerability scans using ACAS, Tenable Nessus, STIG Viewer, and other approved DoD tools. Analyze vulnerability findings, identify false positives, document risk, and coordinate remediation with network engineering teams. Develop and maintain RMF documentation including SSPs, POA&Ms, Continuous Monitoring artifacts, hardware and software inventories, network diagrams, and control implementation details. Support ATO package development, renewal, extension, audit readiness, and authorization sustainment activities. Review firewall rules, access control lists, ports, protocols, services, VPN connections, network flows, and boundary protection controls. Support change control reviews by assessing network changes for cybersecurity, RMF, documentation, and compliance impacts. Monitor compliance through e

MASS, ACAS, STIG

Viewer, vulnerability management tools, and other approved DoD systems. Support incident response activities by reviewing network related alerts, logs, firewall events, syslog data, authentication events, and corrective actions. Prepare security status updates, vulnerability summaries, POA&M updates, compliance reports, and risk briefings for stakeholders and leadership. Required Education, Certifications and Security Clearance BS degree in Engineering, Computer Science, or related field Experience may be substituted for degree. TS/SCI Clearance DoD 8140 (8570) IAT Level II Certification CCNA certification Requirements Experience/Qualifications Minimum 4 years of experience supporting cybersecurity, information assurance, network security, RMF, vulnerability management, or secure infrastructure operations. Experience supporting cybersecurity activities within the DoD, Intelligence Community, or other secure enterprise environment. Demonstrated understanding of DoD cybersecurity policy, RMF lifecycle, continuous monitoring, and authorization sustainment. Experience developing or maintaining SSPs, POA&Ms, Continuous Monitoring documentation, control implementation details, and authorization artifacts. Familiarity with eMASS for control tracking, package updates, risk documentation, and authorization maintenance. Hands on experience with ACAS, Tenable Nessus, STIG Viewer, SCAP, or vulnerability management processes. Experience reviewing, validating, or remediating vulnerability findings for network devices or supporting infrastructure. Experience applying or validating DISA STIGs, secure configuration baselines, and hardening guidance. Working knowledge of Cisco routers, switches, firewalls, Cisco ASA, Cisco Firepower, Cisco Secure Firewall, Cisco ISE, Catalyst, Nexus, ISR, or ASR platforms. Working knowledge of routing, switching, VLANs, ACLs, firewall policies, ports, protocols, VPNs, IPsec, NAT, DNS, DHCP, subnetting, logging, and boundary protection. Ability to review network diagrams, firewall rule sets, data flows, ports and protocols, and system interconnections for security and compliance impacts. Experience coordinating with network engineers, system administrators, ISSMs, ISSEs, system owners, and mission partners to resolve security findings. Knowledge of

NIST SP 800-37, NIST SP 800-53, CNSSI 1253, DISA

STIGs, DoD cybersecurity policy, and Intelligence Community cybersecurity requirements. Strong documentation, communication, analytical, and coordination skills. Preferred Experience/Qualifications

CCNP, CCNP

Security, Cisco CyberOps, or equivalent network security certification. CISSP, CISM, CGRC, CAP, CASP+, SecurityX, CySA+, CEH, PenTest+, or equivalent cybersecurity certification. Experience supporting DoD or Intelligence Community network environments. Experience securing, assessing, or documenting Cisco ASA, Cisco Firepower, Cisco Secure Firewall, Cisco ISE, Catalyst, Nexus, ISR, or ASR platforms. Experience reviewing firewall rules, access control policies, route tables, network diagrams, ports and protocols, VPNs, boundary security, or system interconnection documentation. Familiarity with Zero Trust principles, network segmentation, identity based access control, and modern DoD cybersecurity architecture. Experience with Splunk, Elastic, ELK Stack, OpenSearch, SolarWinds, Wireshark, NetFlow, syslog, firewall logs, or other tools used to support monitoring and incident response. Familiarity with network automation or scripting tools such as Ansible, Python, PowerShell, Terraform, or Cisco Catalyst Center. Knowledge of continuous authorization, continuous monitoring, governance, risk management, and compliance sustainment.

Applicable Military Backgrounds Army:

17C, 25B, 25D, 25H, 255A, 255N, 255

S Navy:

IT, ITS, ITN, ITR, CWT, 1820, 1880

Air Force:

1B4X1, 1D7X1, 1D7X1A, 1D7X5, 17D, 17

S Marine Corps:

0631, 0671, 0681, 1702, 1721

Space Force:

5C0X1, 17

X Coast Guard:

IT, CMS, CMM, C5I

#DSA209 #LI-KE1 Many of DSA's positions require the ability to obtain a security clearance. Security clearances may only be granted to U.S. citizens. In addition, applicants who accept a conditional offer of employment may be subject to government security investigation(s) and must meet eligibility requirements for access to classified information. DSA is proud to be an Equal Opportunity Employer. DSA is committed to treating all employees and applicants for employment with respect and dignity and maintaining a workplace that is free from unlawful discrimination. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status. DSA requires background checks , where permitted , by law. DSA is an E-Verify Employer.