Information Assurance Engineer Senior

Position Description: Information System Security Officer (ISSO)

Location: Must live within 50 mile radius of San Antonio, Texas, but work is remote.

Clearance: Secret

Certification: CompTIA Security+

Position Overview:
We are seeking a skilled and experienced Information System Security Officer (ISSO) to join our team. This individual will play a critical role in safeguarding our organization’s information systems, ensuring compliance with government standards and regulations, execution of continuous monitoring processes and mitigating identified risks to ensure confidentiality, integrity, and availability remain low risk. The ISSO is part of a team of ISSOs who provide oversight for multiple systems collaborating with cross-functional teams including software engineers and ISSMs to maintain low risk systems.

Key Responsibilities:

• Risk Assessment and Management:
• Perform comprehensive risk assessments of IT systems, networks, and applications.
• Identify vulnerabilities and implement strategies to mitigate identified risks.
• Collect and review logs and audit data for compliance checking and reporting.
• Implement and execute the Risk Management Framework for all systems.
• Compliance and Standards:
• Ensure adherence to regulatory requirements (e.g., NIST Special Publications (V NIST SP 800-53), FIPS Standards, Air Force Standards).
• Lead efforts to achieve and maintain ATO compliance for all systems.
• Prepare and present audit documentation and responses to internal and external auditors.
• Incident Response and Recovery:
• Develop, implement, and maintain incident response plans and procedures.
• Coordinate with internal and external teams to handle security incidents effectively.
• Conduct post-incident analysis and provide recommendations for future prevention.
• Collaboration and Leadership:
• Act as a liaison between IT, other teams, and stakeholders to align security goals with organizational objectives.
• Participate in strategy planning and contribute to policy development for information security.
• Manage and direct the delivery of quality security products and/or services to the customer in accordance with the agreed upon schedule.
• Leverage Tools
• Maintain system records and artifacts using eMass
• Review and interpret SCAP test results
• Review and interpret automated tool reports such as Checkmarx reports
• Review and interpret STIGS and SRGs using STIG viewer

Qualifications:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (Master’s preferred).
• Minimum of 7 years of experience in information assurance, cybersecurity, or related roles.
• Security+ certification is required for this position.
• Professional certifications such as CISSP, CISM, CEH, or CISA are highly desirable.
• In-depth knowledge of information assurance frameworks and DoD risk management practices.
• Strong analytical, problem-solving, and decision-making skills.
• Excellent communication and interpersonal abilities to interact with technical and non-technical stakeholders.
• Experience with eMass and STIGS/SRGs is required

Preferred Skills:

• Familiarity with AWS cloud security platform.
• Experience in DevSecOps practices and secure software development life cycles (SDLC).
• Knowledge of emerging cybersecurity threats and proactive approaches to mitigate them.