IT Security Specialist - ISSO


The IT Security Specialist will be, after Government approval, appointed the Information Systems Security Officer (ISSO) and provide direct support to the System Owner (SO). This role includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal. 

The ISSO shall possess effective interpersonal and professional skills as he/she operates in a client-facing role. The ISSO must possess experience with NIST 800 publications standards. The ISSO shall have experience in preparing documents such as: System Security Plans (SSPs), Contingency Plans (CPs), Risk Assessments Matrices (SRTMs), Security Impact Assessments (SIAs) for proposed changes, as well as having a thorough understanding of NIST publications (SP 800-53, rev3/4, 800-53A, and 800-37). The candidate will have hands-on experience and extensive knowledge with NIST Special Publications (SP) documents and Federal Information Processing Standards (FIPS).


  • Advise the SO in all aspects of security, manages all security documentation and plays a key role in incident response and contingency planning activities.
  • Support all Assessment & Authorization (A&A) activities.
  • Perform routine vulnerability/risk assessment analysis.
  • Update system-level policies, assist in developing procedures that meet requirements.
  • Ensure IT systems have all security controls in place and functioning properly in accordance with NIST 800-53A publication.
  • Conduct and evaluate/analyze vulnerability results from the following set of tools to include but not limited to: NESSUS and WebInspect.
  • Assist with external/internal audits for designated systems.
  • Report incidents within the timeframe prescribed by NOAA policy for incident response. Manage timely closure of Plan of Action and Milestones (POA&Ms).
  • Assists in the maintenance of systems to protect data from unauthorized users
  • Manage POA&Ms through the develop of artifacts and security documentation
  • Identify, report, and resolve security violations
  • Manage Information systems core documents (SSP, BCP, FIPS 199/200) and relevant security documents (Diagrams)


  • Bachelor’s Degree in Computer Science or related field (i.e., EE, CPE, MIS, IT)
  • 5-10 years of experience in relevant security environment.
  • Experience with NIST SP 800-37 Risk Management Framework
  • Experience with System and Network administration
  • Experience with Incident Response involving threat actors and working ongoing pervasive intrusion sets.
  • Familiar with enterprise cyber security architecture and its data collection points, as it relates to incident response and investigations (antivirus, firewalls, email gateways, DNS, web and content filtering proxies, logging infrastructure, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Event Information Management Systems (SEIMS), etc.).
  • Experience with FISMA A&A continuous monitoring
  • Experience with providing Vulnerability and Compliance Scanning
  • Experience with A&A Core Documentation development (i.e. SSP, CP/BIA)
  • Experience in assessing and maintaining a FIPS 199 High Category federal system
  • Experience with Security Repository Tools such as Cyber Security Assessment and Management (CSAM)
  • Knowledge of security best practices such as: defense in-depth; least privileges; access controls; and, encryption
  • Experience with multiple operating platforms, products, and technologies (Linux, Cisco, Drupal, Microsoft, ArcSight, McAfee, IPS/IDS, FWs, etc.)


  • Certified Information System Security Professional (CISSP)
  • Ability to use scanning products such as: Nessus, Retina, Core Impact
  • Ability to assess new technologies and advise team how to implement into the environment.
  • Ability to write security agreements (SLAs, MOU/As and ISAs)
  • Demonstrated ability to identify vulnerabilities, risks, and protection needs as it relates to information systems.
  • Capable of managing POA&Ms and successful POA&M remediation
  • Ability to analyze and understand cyber threat actor capabilities and intentions, methodologies, methods and motives
  • Ability to perform risk assessments related to IT security
  • Proficiency in Microsoft Office suite (Word, Excel, PowerPoint, Visio, and Project)
  • Strong verbal and written communication skills
  • Must be organized, timely, and customer service oriented
  • Ability to work well independently and in a team setting
  • Excellent attention to detail and good analytical skills
  • ITIL v3 Foundation certification a plus
  • United States Citizen
  • Must have or be able to pass a US Government Background Investigation

Apply Now

GAMA-1 is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind

Job Details

Location: Suitland, MD

Full Time

Ways to Apply 
Submit your resume through 
Join Our Team or apply through ZipRecruiter.

Contact Us for additional information or questions.