Cyber Security Analyst (ISSO)

SPN Solutions Inc. - Falls Church, VA (30+ days ago)

Job Description:

The ideal candidate for this Senior Information Systems Security Officer (ISSO) position will be an RMF Subject Matter Expert with an IAM Level III certification and an active DoD Secret clearance. They will have expert knowledge of and experience developing RMF documentation, and a strong working knowledge of and experience using eMASS.

Summary: The Senior ISSO will work with our team of Senior Cyber Security Specialists to transition the Department of Defense, Defense Health Agency (DoD/DHA) systems from DIACAP to RMF. The ideal candidate will provide expert consultation across a wide range of cross-functional areas of Cyber Security services in support of this DHA Mission. The Senior ISSO will also provide project planning, guidance and technical expertise in the following areas: program, policy, process, and planning; risk management, auditing, and assessments; Assessment and Authorization (A&A) using the NIST Risk Management Framework (RMF) guidelines; and quality planning and control.

NOTE: This is a five-year, fully funded contract that kicked off in October 2017.


Minimum Qualifications:

  • United States Citizen with an active DoD Secret Clearance (A Must)
  • Bachelor's Degree in Information Technology, Cyber Security or a related field.
  • Hold a current and verifiable DoD 8570.01-M certification at IAM Level III (CISM, GIAC, or CISSP).
  • Three (3) years' experience performing RMF Assessments and Mitigation.

Knowledge, Skills and Abilities:

  • Knowledge and experience with current NIST Federal Information Processing Standards (FIPS) and Special Publications (SP): SP 800-18, SP 800-37, SP 800-53, SP 800-53A, SP 800-60, FIPS 199, FIPS 201 and FIPS 140-2, and other policies and their application to enterprise IT security.
  • Ability to write RMF assessment scripts and test plans.
  • Experience with selection, implementation, validation, and establishment of DISA CCIs.
  • Proficient in MS Word, Excel, Access, PowerPoint and Outlook.
  • Specialized experience in the analysis, design and implementation of security procedures for hardware and software on complex, large-scale systems in an enterprise environment.
  • Experience using
  • Experience with development of responses to POA&Ms.
  • Hands-on experience with DISA Security Requirements Guides (SRG) and DISA Security Technical Implementation Guides (STIG).


The Senior ISSO shall perform tasks in accordance with NIST SP 800-37 requirements. The work shall be completed during the period of performance. The project will be evaluated for completeness of tasks and objectives weekly.

Ensure that the appropriate operational cybersecurity posture is maintained for assigned IT systems.

Develop, update and maintain the System Security Plan (SSP) for assigned systems to include:

  • Configuration Management Plan
  • Contingency Plan
  • Contingency Plan tests
  • Continuous Monitoring Plan
  • Incident Response Plans
  • Incident Response Plan tests
  • Federal Information Processing Standard (FIPS) Information Types
  • Interconnection Security Agreements
  • Plan of Action & Milestones (POA&M)
  • Privacy Impact Assessments (PIA)
  • Risk Assessments
  • Security control baselines
  • Security control inheritance
  • Security Impact Analyses
  • Business Impact Analyses
  • SSP implementation statements
  • Technical Description narratives
  • System Description narratives
  • Hardware/Software Inventory

Conduct Contingency Plan, Recovery Plan and Incident Response tests for assigned IT systems.

Participate in Incident Response activities for assigned IT systems.

Advise system owners on all matters, technical and otherwise, involving the security of assigned IT systems. Develop standard operating procedures in accordance with security control requirements.

Perform continuous monitoring of security controls to ensure that they continue to be implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned IT systems.

Work with technical teams to mitigate security control deficiencies for assigned IT systems.

Assess the cybersecurity impact of changes to assigned IT systems.

Conduct self-assessments of security controls, identify weaknesses and track remediation activities in Plan of Action and Milestones (POA&M).

Conduct technical vulnerability assessments and prioritize and track remediation efforts.

Manage the POA&M process for designated IT systems.

Provide the required system access, information, and documentation to security assessment and audit teams.

Participate in security assessments and audits for assigned systems and facilitate obtaining evidence for data requests.

Complete required A&A (Assessment and Authorization) activities on assigned IT systems.

Assist federal staff in assessing new applications, identifying applicable NIST SP 800-37 RMF requirements and advising system owners of the process.

Assist with the development and maintenance of Operational Level Agreements (OLAs) and end-to-end Standard Operating Procedures (SOPs) to identify collaborative responsibilities and support process interaction with other Government and contractor IT groups.

Develop and maintain a detailed policy matrix mapping Federal and local policies to the required security controls identified in National Institute of Standards and Technology (NIST) SP 800-53. Documents include, but are not limited to, Standard Operating Procedures (SOPs) and Agency Training (e.g., cyber awareness, computer incidents, malicious code, etc.).

Why work for SPN Solutions?

SPN Solutions is an SBA 8(a)-certified small business that provides IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services to customers in the Defense, Federal Civilian Government and Commercial sectors. Our values are the standards that inform and inspire all of our activities and distinguish us as a corporation.

At SPN, we have an environment that fosters creative thinking, respects your contributions, and accepts nothing less than excellence in serving our customers. We demonstrate these core principles daily through our corporate Values and culture.

  • Comprehensive Health, Dental, and Vision plans available for you and your family
  • Premier 401k retirement plan with corporate matching
  • Generous vacation and sick leave plan
  • Parental leave plan
  • Company paid Life and AD&D Insurance
  • Tuition reimbursement for continuing education
  • Free gourmet coffee, tea, fresh fruits and healthy snacking alternatives

SPN Solutions Inc. is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, physical or mental disability, sexual orientation, gender identity, age, marital status, medical condition, veteran status, or any other factor determined to be unlawful by federal, state, or local statutes. SPN Solutions Inc. will treat all employees equally with respect to compensation; opportunities for advancement, including upgrading, promotion and transfer, and all other terms and conditions of employment.

Job Type: Full-time

Experience:

  • eMASS: 2 years
  • DISA Security Technical Implementation Guides (STIG): 4 years
  • RMF Assessments and mitigation: 4 years
  • DoD Secret Clearance: 4 years
  • POA&M Development: 4 years
  • Selection, Implementation, Validation of DISA CCIs: 4 years
  • NIST Federal Information Processing Standards (FIPS): 4 years
  • NIST Special Publications (SP): 4 years
  • Cyber Security: 6 years
  • DISA Security Requirements Guide (SRG): 4 years

Education:

  • Bachelor's



Required work authorization:

  • United States