Information System Security Officer, Senior (ISSO)

Overview

The Senior Information Systems Security Officer (ISSO) plays a critical role in supporting the CJIS Division's cybersecurity initiatives. This role focuses on implementing security frameworks, mitigating vulnerabilities, ensuring federal and agency compliance, and supporting secure system development practices within hybrid and cloud environments. By integrating advanced technical knowledge and risk management expertise, the ISSO safeguards CJIS systems, ensuring their confidentiality, integrity, and availability.

Aligned with Cayuse's core values, excellence, innovation, and collaboration, this position supports federal operations by providing proactive, reliable, and security-focused solutions to achieve federal cybersecurity objectives.

Responsibilities

• Oversee the implementation and enforcement of our client's security policies and Security Assessment and Authorization (SAA) efforts, ensuring full compliance with federal guidelines and operational standards.
• Assist in the engineering, development, and integration of security requirements for new or modified systems, ensuring these systems meet the client's security mandates.
• Perform advanced vulnerability assessments, penetration tests, and risk analyses using tools like Tenable Security Center, Splunk, and BigFix to identify weaknesses and recommend mitigation strategies.
• Collaborate with system owners and stakeholders to evaluate risks, develop mitigation strategies, and ensure system compliance with the client's security policies and frameworks.
• Maintain expertise in security frameworks such as NIST RMF, OWASP, DISA, Common Criteria, and SANS Institute, applying these standards to ensure system controls remain robust.
• Support the Security Assessment and Authorization (SAA) processes for CJIS information systems by ensuring conformance with the client and federal security policies, regulations (e.g., FISMA), and standards.
• Develop and maintain secure systems using CI/CD pipelines and virtualization strategies in cloud environments, including AWS, Microsoft Azure, and other cloud-based technologies.
• Monitor, identify, and respond to threats, incidents, and vulnerabilities, ensuring effective management of operational security for CJIS IT systems.
• Plan and conduct secure code reviews, system testing, and design assessments to verify alignment with security frameworks, policies, and technical controls.
• Maintain operational security tools and solutions, such as endpoint detection systems, audit logs, multi-factor authentication, and Zero Trust models, to support dynamic client's environments.
• Prepare and provide technical briefings, security plans, and risk assessment reports for stakeholders and leadership teams to support decision-making and compliance.
• Participate in Scaled Agile Framework (SAFe) workflows, embedding secure development practices and ensuring secure application lifecycles.
• Train and mentor junior ISSOs and peer professionals, fostering a culture of continuous improvement and knowledge sharing.

Qualifications

Minimum Education Requirements:

• Bachelor's Degree in Information Technology, Cybersecurity, or a related field (equivalent work experience may substitute for formal education).
  • Master's in Cybersecurity, Computer Science, or a related field, preferred

Minimum Experience Requirements:

• Minimum of 6+ years of hands-on experience in information security, including assessments, monitoring, and risk mitigation.
• Expertise with NIST Risk Management Framework (RMF) and federal compliance auditing tools and processes.
• Strong technical knowledge of networking, system administration, and secure system development techniques.
• Demonstrated level of experience in information security practices.
• 10+ years in cybersecurity, including advanced technical positions focused on cloud technologies and large-scale federal IT systems, preferred
• Expertise in Scaled Agile Framework (SAFe) and agile development environments.
• Experience with CI/CD pipeline management and cloud-based security architecture.
• Familiarity with advanced vulnerability management tools, including Tenable, Splunk, or similar.
• Exceptional ability to translate technical cybersecurity concepts for diverse audience levels.
• Familiarity with integrated tools like Jira, Azure DevOps, Confluence, BigFix, and Microsoft Defender
• Must be able to pass a background check and additional background checks as required by projects and/or clients at any time during employment.
• Active Top Secret clearance

Certification Requirements:

• Certified Information Systems Security Professional (CISSP) highly recommended.
• Cloud-based certifications, such as AWS Security or Microsoft Azure certifications, preferred.
• Advanced certifications (e.g., Certified Ethical Hacker [CEH], Cloud Security Alliance certifications), preferred
• CISSP specializations or virtualization certifications (e.g., VMware), preferred

Minimum Skills:

• Highly motivated and is at ease with handling or managing multiple tasks at any one time
• Self-starter with the ability to learn new tasks and skills.
• Strong organization and communications skills.
• Team Player

Our Commitment to you / overview of benefits

• Medical, Dental and Vision Insurance; Wellness Program
• Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
• Short-Term and Long-Term Disability options
• Basic Life an AD&D Insurance (Company Provided)
• Voluntary Life and AD&D options
• 401(k) Retirement Savings Plan with matching after one year
• Paid Time Off

Working Conditions

• Hybrid (mix of on-site and telework) with the primary location in Clarksburg, WV. Telework activities must be conducted using Government-Furnished Equipment (GFE) or methodologies, as defined and pre-approved by the CJIS Division.
• Professional office environment
• Must be physically and mentally able to perform duties for extended periods of time. Ability to use a computer and other office productivity tools with sufficient speed to meet the demands of this position.
• Polished office protocols, high-tempo communication streams and working conditions.
• Must be able to work varying work schedules and/or extended hours to meet business needs and project deadlines.
• Must be able to attend and conduct virtual meetings as needed.

Other Duties: Please note this job description is not designed to cover or contain a comprehensive list of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Affirmative Action/EEO Statement: Cayuse is an Equal Opportunity Employer. All employment decisions are based on merit, qualifications, skills, and abilities. All qualified applicants will receive consideration for employment in accordance with any applicable federal, state, or local law.

Pay Range

USD $160,000.00 - USD $200,000.00 /Yr.