Information Systems Security Officer

ECS is seeking an Information Systems Security Officer to work in our Fairfax, VA office.  

ECS is seeking a detail-oriented Information System Security Officer (ISSO) to support cybersecurity operations for U.S. Navy information systems. The ISSO will work under the direction of the ISSM and program leadership to ensure systems meet DoD and Department of the Navy (DON) cybersecurity requirements under the Risk Management Framework (RMF).

The ideal candidate will have experience supporting Navy systems and maintaining RMF packages in eMASS, with familiarity across Navy environments such as NAVWAR, NAVAIR, NAVSEA, or Fleet Cyber Command.

• Support the implementation and maintenance of RMF in accordance with:
  • DoDI 8510.01 (Risk Management Framework)
  • DoDI 8500.01 (Cybersecurity)
• Assist in developing, updating, and maintaining RMF documentation, including:
  • System Security Plans (SSPs)
  • Security Control Traceability Matrices (SCTMs)
  • Plan of Action & Milestones (POA&Ms)
  • Continuous Monitoring artifacts
• Implement and validate security controls based on:
  • NIST SP 800-53 Rev. 5
  • NIST SP 800-37 Rev. 2
• Maintain and update system records in eMASS, ensuring accuracy and completeness
• Conduct routine security control checks and support formal Security Control Assessments (SCAs)
• Perform vulnerability management activities, including:
  • Running and analyzing ACAS scans
  • Applying and validating DISA STIGs/SRGs
  • Tracking remediation actions to closure
• Monitor system security posture and support continuous monitoring (CONMON) activities
• Support incident response efforts in accordance with:
  • DoDI 8530.01 (Cyber Incident Response)
  • Navy Cyber Defense Operations processes
• Assist with audits, inspections, and cybersecurity reviews (e.g., FISMA, DON CIO inspections)
• Provide day-to-day cybersecurity support to system administrators, engineers, and developers
• Ensure proper configuration management and secure baseline enforcement across systems

• Active Secret clearance (TS/SCI preferred)
• Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience)
• 5–7+ years of cybersecurity experience, with ISSO or ISSO-support experience in a DoD/Navy environment
• Hands-on experience with RMF processes and artifacts
• Experience working in eMASS
• Working knowledge of:
  • NIST SP 800-53 Rev. 5 controls
  • NIST SP 800-37 Rev. 2 (RMF)
  • DoDI 8500.01 / 8510.01
  • SECNAV M-5239.1 (DON Cybersecurity Manual)
• Experience supporting Navy or DoD systems (e.g., NAVWAR, NAVAIR, NAVSEA, USMC)
• Familiarity with:
  • DISA STIGs and compliance tools
  • ACAS vulnerability scanning
  • Endpoint security tools (e.g., HBSS/ESS)
• Must meet DoD 8140 (formerly 8570.01-M) IAT Level II or higher requirements, such as:
  • Security+ (minimum)
  • CySA+
  • SSCP
  • CASP+ (preferred)