Information System Security Officer (ISSO)

Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing Results that Matter. Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission. SPA: Objective. Responsive. Trusted. 

The Space and Intelligence Division provides engineering services and analytic support to the Air Force, Space Force, Combatant Commands, the Intelligence Community, and NASA. Our work includes systems engineering and integration, test planning and execution, cost estimating and analysis, developing approaches and concepts to meet emerging, high priority National Defense needs, and assessing and developing cutting-edge technologies and capabilities to meet those needs. 

SPA has a near-term need for a Information Systems Security Officer.

Responsible for ensuring the appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the ISSM and ISO.  The position shall have the detailed knowledge and expertise required to manage the security aspects of an information system and, in many organizations, is assigned responsibility for the day-to-day security operations of a system.  This position may require privileged access and DODM 8570.01M restrictions will apply.

• Reviewing and assessing information system security requirements and associated verification methods per Risk Management Framework (RMF) and National Institute of Standards and Technology (NIST);
• Performing analysis of network security based upon the RMF, NIST, and DISA Security Technical Implementation Guides (STIGS);
• Assisting with the design, integration, and implementation of NIST/RMF Continuous Monitoring tools and processes;
• Performing security assessments of servers/network devices/security appliances;
• Writing and executing cybersecurity test procedures for validation of control compliance;
• Monitoring and analyzing outputs of cybersecurity-related tools for reportable security incidents and residual risks;
• Identifying and/or assessing information system vulnerabilities and susceptibility to life cycle disruptions, hazards, and threats;
• Providing and implementing cybersecurity risk management recommendations;
• Providing consultation and technical support on DoD Information System Security;
• Providing security consideration to inform systems engineering efforts with the objective to reduce errors, flaws, and weakness that may constitute security vulnerability leading to unacceptable asset loss and consequences;
• Developing, implementing, and evaluating information system security program policy;
• Recommending cybersecurity software tools, assisting in the development of software tool requirements, and selection criteria;
• Reviewing and developing security-related designs and provide security compliance recommendations;
• Supporting Patch/Configuration Management, DevSecOps, and advanced technical support;
• Integrating/developing new techniques to improve Confidentiality, Integrity, and Availability for networks/systems operating at various classification levels.  
• Has an in-depth understanding of the cybersecurity policies and procedures for government sector information systems and sufficient technical knowledge and experience to implement them.
• Provides hands on security and compliance guidance and work with Scrum Masters and product owners in concert with system requirements that are being developed and implementing cloud computing.
• This position may require privileged access and DODM 8570.01M restrictions will apply.

Required Qualifications:

• Bachelor's Degree in Cybersecurity, Information Technology, or a related technical discipline
• Minimum of 4 years of experience as an ISSE
• Certified in accordance with DoD Directive 8570.01-M for Information Assurance Technician Level II
• Experience with DoD cybersecurity policies, manuals, and standards
• Experience developing and maintaining RMF assessment and authorization documentation through the system life-cycle
• Experience with DISA STIGS
• Experience working in eMASS and Xacta
• Competency in Microsoft Windows Server, Active Directory, VMWare, Microsoft Office, video teleconferencing/VOIP, and Microsoft Azure
• IAT Level II Certification
• Active Secret Clearance, with eligibility for a Top Secret  SCI 

At SPA, we strive to deliver a robust total compensation package that will attract and retain top talent.  Elements of the compensation package include competitive base pay and variable compensation opportunities.  

SPA provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.  

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, etc.

Please note that the salary information shown below is a general guideline only.  Salaries are commensurate with experience and qualifications, as well as market and business considerations.  Colorado Pay Transparency Range: 105k - 170k