Information Systems Security Officer - Cloud Security Specialist

INFORMATION SYSTMES SECURITY OFFICER - CLOUD SECURITY SPECIALIST (NAUT):

Bowhead seeks an Information Systems Security Officer (ISSO Cloud) to support our customer on the Nautical contract in the Arlington, VA area. This position ensures information systems security compliance and manages security controls for DoD cloud migration projects while coordinating security accreditation activities and maintaining ongoing security posture.

• Implement and maintain security controls per NIST 800-53 and DoD standards for cloud-based systems
• Conduct comprehensive security assessments and vulnerability analyses on cloud infrastructure
• Manage security documentation and compliance reporting for continuous monitoring programs
• Coordinate with Authorizing Officials for system accreditation and Risk Management Framework (RMF) processes
• Monitor security incidents and coordinate response activities across cloud environments
• Maintain security awareness training programs and ensure personnel compliance with DoD security requirements
• Support continuous monitoring and security control assessments for cloud-based information systems
• Conduct vulnerability scans and recognize cloud-based vulnerabilities in security systems
• Utilize DoD network analysis tools to identify cloud-based vulnerabilities (e.g., ACAS, HBSS, etc.)
• Apply system, network, and OS hardening techniques for cloud environments
• Conduct cloud-based application vulnerability assessments and penetration testing
• Identify systemic security issues based on analysis of vulnerability and configuration data
• Apply cybersecurity and privacy principles to organizational requirements (confidentiality, integrity, availability, authentication, non-repudiation)
• Utilize Tenable Assured Compliance Assessment Solution (ACAS) for vulnerability management
• Manage Trellix Endpoint Security System (ESS), previously known as McAfee Host Based Security System (HBSS)
• Apply cloud-based access controls (access control lists, LDAP, Active Directory, etc.)
• Configure and maintain Virtual Private Network (VPN) devices and encryption protocols
• Troubleshoot and diagnose cyber defense infrastructure anomalies and work through resolution
• Perform impact/risk assessments for cloud security implementations
• Develop insights about the context of organizational threat environments to improve risk management posture
• Ensure complete understanding and implementation of NISPOM and ICD requirements
• Plan, schedule, and prioritize security activities to accomplish mission objectives
• Handle classified information according to proper procedures and security protocols
• Other duties as assigned

• Bachelor's degree in Cybersecurity, Information Systems, Information Technology, Computer Science, or related field from an ABET accredited or CAE designated institution or 10 years experience in leiu of this degree.
• Minimum of 16+ years of information security experience with demonstrated expertise in cloud security
• Minimum of 5+ years of DoD security experience in enterprise environments
• Minimum of 3+ years of hands-on experience with cloud security frameworks and implementations
• Complete understanding and experience implementing requirements of the NISPOM and ICDs
• Knowledge of cloud security principles and FedRAMP requirements
• Meets the Core and Additional Knowledge, Skills, and Abilities Tasks (KSATs) defined in the DoD Cyber Workforce Framework
• Demonstrated ability to develop solutions to complex security problems
• Proven ability to work in fast-paced, deadline-driven environments
• Excellent verbal and written communication skills for technical and executive audiences
• Recent experience with security management policies and procedures
• Proficiency with Microsoft Office Suite and security management tools

CERTIFICATION REQUIREMENTS:

Required: CISSP, CISM, or equivalent DoD Directive 8570 compliant certification; CompTIA Security+
Desired: GCIH, GSEC, CISSP, CISA, FITSP-M, GCSA, GISF, SSCP, CEH, or other advanced security certifications

Physical Demands

• Must be able to lift 25 pounds on occasion.
• Must be able to stand and walk for prolonged period amounts of time.
• Must be able to twist, bend, and squat periodically.

SECURITY CLEARANCE REQUIREMENTS: Must be able to maintain a security clearance at the Top Secret level with SCI eligibility and maintain SAP eligibility. Due to work requirements, this position will not entertain work from home capabilities. US Citizenship is a requirement for this contract.

#LI-KC1