Job Title: Information System Security Officer (ISSO)
Location: On-Site – Seaside, CA (DoD Center – Monterey Bay)
Clearance Required: Active Secret
Employment Type: Full-Time
Overview
Cornerstone Technology Enterprises is seeking experienced cybersecurity professionals to support a large Department of Defense enterprise cybersecurity program for our government customer. For this position, we are hiring an Information System Security Officer (ISSO) to drive day-to-day Risk Management Framework (RMF) compliance and keep mission applications authorized and audit-ready. If you know your way around eMASS, POA&Ms, and security controls — and you like being the person who keeps authorizations on track — this role is built for you.
Working on-site at the DoD Center – Monterey Bay in Seaside, CA, you will serve as the ISSO interface between program and product owners and the Cybersecurity Division — managing eMASS packages across the customer’s NIPR and SIPR instances, tracking security controls and POA&Ms, and shepherding systems through and beyond their Authorization to Operate (ATO). You will not be responsible for developing system-specific artifacts or obtaining accreditations — those belong to the program owners — but you will play a central role in keeping RMF activities moving and authorization packages progressing.
You’ll support one of the Department of Defense’s largest enterprise environments, spanning approximately 15,000 network and endpoint devices, hundreds of mission applications, and globally deployed identity management systems secured across more than 100 RMF authorization boundaries.
Candidates with an ISSO, ISSM support, RMF analyst, information assurance, or cybersecurity compliance background are strongly encouraged to apply. This role is classified under a contract labor category as Junior Cyber Security Specialist and is performed on-site at Seaside, CA.
What You Will Do
RMF & Authorization Management (~35%)
- Monitor RMF authorization status through eMASS and maintain a schedule of actions and timelines to obtain and sustain system and application authorizations
- Create and maintain eMASS entries, associating required artifacts to the relevant Common Control Identifier (CCI) security controls
- Advise program stakeholders on DoD cybersecurity and ATO requirements and identify missing information in eMASS
POA&M & Controls Management (~25%)
- Keep POA&M entries current in eMASS, report on POA&M status, and submit closure or extension workflow requests (ECD extensions at least 5 business days before the due date)
- Develop STIG/control crosswalks mapping security controls to application functionality, and update controls and POA&Ms as mitigations are completed
- Explain non-compliant controls, propose solutions, and align roadmaps, eMASS timelines, and POA&Ms with stakeholders
Stakeholder Coordination & RMF Operations (~20%)
- Serve as liaison between program/product owners and Cybersecurity Division stakeholders for coordination of eMASS activities
- Organize and manage RMF meetings — scheduling, notes, templates, and agendas — and maintain the resulting artifacts
- Provide RMF policy and eMASS subject-matter expertise to program teams and build repeatable templates for requirements shared across applications
Quality Assurance, Risk Analysis & Reporting (~20%)
- Conduct quality assurance on RMF submissions (e.g., code scans, ACAS scans, network diagrams, PPSM, HW/SW lists, STIGs, and POA&Ms) and provide feedback on completeness
- Analyze risk in program ATO packages, provide prioritized remediations, and recommend ATO conditions in the ISSO Report
- Support Security Assessment Plans (SAP) and Security Assessment Reports (SAR), and conduct quarterly sampling of documentation against applicable security controls
Required Qualifications
- Active Secret clearance
- U.S. citizenship (required for CAC, DoD network, and SIPRNet access)
- Ability to work on-site in Seaside, CA
- 2+ years of experience in RMF / Assessment & Authorization, ISSO or ISSM support, or information assurance in a DoD or federal environment
- Hands-on experience with eMASS (or equivalent RMF/A&A management tools), including maintaining authorization packages, security controls, and POA&M workflows
- Working knowledge of the RMF process (NIST SP 800-37 and the NIST SP 800-53 control catalog) and the ATO lifecycle
- Familiarity with DISA STIGs and security control assessment
- Strong documentation, organization, and stakeholder-communication skills
- CompTIA Security+ (or ability to obtain within 30 days of start) to meet the DoD 8140/8570 IAM Level I baseline
Preferred Qualifications
- Experience as an ISSO supporting DoD systems through ATO and continuous authorization concepts (cATO)
- eMASS administration experience (System Admin role, account provisioning) and familiarity with DISA Continuous Monitoring & Risk Scoring (CMRS)
- Knowledge of Common Control Identifiers (CCIs), PPSM, and STIG/control crosswalks
- Alignment to DCWF Work Role 722 (Information Systems Security Officer); certifications such as CGRC (formerly CAP), CISSP, or CISM
- Experience supporting continuous monitoring, vulnerability management, or DevSecOps security integration
- Experience preparing or reviewing SSPs, SAPs, SARs, and authorization packages
- Experience supporting a large-scale DoD IT operations program in a federal/DoD environment
Why Join Cornerstone?
Cornerstone Technology Enterprises is a veteran-owned small business with deep experience supporting federal and defense missions. Our teams operate inside production environments, supporting systems that matter, while maintaining a culture that values trust, accountability, and technical excellence.
This role places you at the center of how mission systems earn and keep their authorization to operate, directly supporting the program owners who depend on getting it right. It is an opportunity to deepen your RMF and A&A expertise on a national-level DoD mission, with room to grow toward ISSM and security control assessor responsibilities.
Pay: $85,000.00 - $99,500.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Employee discount
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Retirement plan
- Vision insurance
License/Certification:
- CompTIA Security+ (Required)
Security clearance:
Work Location: In person