Fso Isso Issm Jobs (NOW HIRING)

Job Summary:
Apogee Research, LLC is a leading organization bringing cutting-edge research into practice for the DoD community. They are seeking a highly skilled Information System Security Manager (ISSM) to lead cybersecurity Assessment and Authorization efforts for the Department of Defense aviation platforms, ensuring operational security for information systems and coordinating with various stakeholders.
Responsibilities:
• Ensure users follow established information security policies and procedures to protect, operate, maintain, and dispose of systems and data in accordance with security policies and practices as outlined in the assessment and authorization document packages.
• Develop and maintain relationships with DOD and Intelligence Community agencies for the purpose of obtaining and maintaining authority to operate (ATO) on Apogee classified systems and operational systems for DOD customers.
• Work with US Government Security Control Assessors (SCAs) and Authorizing Officials (AOs) to develop a comprehensive Risk Management Framework (RMF) package including System Security Plans (SSPs), Information Continuous Security Monitoring Plans, and a body of evidence to support system authorization.
• Configure and secure LAN, WAN, and/or standalone machines in accordance with the developed SSPs and the Security Control Traceability Matrix (SCTM).
• Develop, review, maintain and oversee all information Systems Security Plans (SSPs) Assessment and Authorization in accordance with DoD mandated policies.
• Perform security audits on all systems under purview to validate proper use; ensure documentation (i.e., training records, system baseline, etc.) is kept current.
• Coordinate with program/project stakeholders, the Contract Program Security Officer (CPSO)/Facility Security Officer (FSO) and IT team members to define, implement and maintain an acceptable information systems security posture.
• Ensure procedures are developed and followed for responding to security compliance incidents and investigating and reporting security violations and incidents as appropriate.
• Ensure a Plan of /action and Milestone (POA&M) is maintained for all security related vulnerabilities and continually update SCA’s and AO’s as to the current status of planned activities for correcting vulnerabilities associated with required security controls.
• Track, review, and conduct AIS training.
• Identify AIS vulnerabilities and implement countermeasures.
• Perform AIS self-inspection; notify the customer when changes occur that might affect AIS authorization.
Qualifications:
Required:
• 8+ years of cybersecurity experience, with at least 3+ years directly in an ISSM or senior ISSO role for DoD aviation or weapons systems.
• Experience in obtaining authority to test (ATT) and authority to operate (ATO) approvals for operational and tactical systems.
• Extensive knowledge with certification/authorization requirements as outlined in the NISPOM, RMF, JISG, ICD 503, NIST SP 800-53 Rev 4/5, DoD STIG Overlays, and other USG IS/Security-related policies.
• In-depth knowledge and experience with technical configuration standards relating to information system security; experience configuring Linux operating systems, experience with server systems, system virtualization and other related peripherals.
• Experience configuring Linux (RHEL) and Windows (Windows 11 and Windows Server 2022) based systems to conform to selected Security Technical Implementation Guides.
• RMF Training as specified in the DSS Assessment and Authorization Process Manual.
• Required to hold and maintain DoD 8140/8570 approved baseline certification (e.g., Security+, CySA+, etc.).
• Self-starter, highly motivated, able to multi-task and meet tight deadlines. A strong candidate must have the ability to work well under pressure and deal with changing priorities.
• Excellent communication skills (oral and written), ability to work in a team environment, and must work well with others.
• Effective at problem-solving and proven ability to cope with conflict, stress and crisis situations.
• Candidates must have an active DoD Top Secret clearance with SCI eligibility.
Preferred:
• Experience specifically supporting NAVAIR, NAVWAR, or Air Force Life Cycle Management Center (AFLCMC) programs.
• Familiarity with Platform IT (PIT) and weapons systems cyber certification.
• ATO/ATT Acquisition: Develop, review, and submit comprehensive authorization packages (SSP, SAP, SAR, POA&M) in eMASS to achieve and maintain IATTs/ATTs/ATOs.
• Apply cybersecurity policies (e.g., AFI 17-101, SECNAV M-5239.3) to DoD aviation platforms, including platform IT (PIT), embedded systems, and ground support equipment.
• Apply cybersecurity policies (e.g., JSIG, ICD-503, NISPOM) to embedded aircraft systems, mission systems, and communication enclaves.
• Experience with secure data transfer, high-assurance encryptors, or cross-domain solutions.
• Experience with flight test data security and embedded system architecture.
Company:
We blend agility with rigor to develop new technologies and transition them for operational use, with a focus on the rapid deployment and adaptation of robust, heterogeneous, distributed systems to improve National Security. Founded in 2011, the company is headquartered in Arlington, USA, with a team of 11-50 employees. The company is currently Early Stage.