
Information Systems Security Officer - Cloud Security Specialist

Company: ClearanceJobs
Location: Washington, DC, 20022
Posted: September 02, 2025

Description:

Information Systems Security Officer - Cloud Security Specialist (NAUT)

Bowhead seeks an Information Systems Security Officer (ISSO Cloud) to support our customer on the Nautical contract in the Arlington, VA area. This position ensures information systems security compliance and manages security controls for DoD cloud migration projects while coordinating security accreditation activities and maintaining ongoing security posture.

Responsibilities

Implement and maintain security controls per NIST 800-53 and DoD standards for cloud-based systems

Conduct comprehensive security assessments and vulnerability analyses on cloud infrastructure

Manage security documentation and compliance reporting for continuous monitoring programs

Coordinate with Authorizing Officials for system accreditation and Risk Management Framework (RMF) processes

Monitor security incidents and coordinate response activities across cloud environments

Maintain security awareness training programs and ensure personnel compliance with DoD security requirements

Support continuous monitoring and security control assessments for cloud-based information systems

Conduct vulnerability scans and recognize cloud-based vulnerabilities in security systems

Utilize DoD network analysis tools to identify cloud-based vulnerabilities (e.g., ACAS, HBSS, etc.)

Apply system, network, and OS hardening techniques for cloud environments

Conduct cloud-based application vulnerability assessments and penetration testing

Identify systemic security issues based on analysis of vulnerability and configuration data

Apply cybersecurity and privacy principles to organizational requirements (confidentiality, integrity, availability, authentication, non-repudiation)

Utilize Tenable Assured Compliance Assessment Solution (ACAS) for vulnerability management

Manage Trellix Endpoint Security System (ESS), previously known as McAfee Host Based Security System (HBSS)

Apply cloud-based access controls (access control lists, LDAP, Active Directory, etc.)

Configure and maintain Virtual Private Network (VPN) devices and encryption protocols

Troubleshoot and diagnose cyber defense infrastructure anomalies and work through resolution

Perform impact/risk assessments for cloud security implementations

Develop insights about the context of organizational threat environments to improve risk management posture

Ensure complete understanding and implementation of NISPOM and ICD requirements

Plan, schedule, and prioritize security activities to accomplish mission objectives

Handle classified information according to proper procedures and security protocols

Other duties as assigned

Qualifications

Bachelor's degree in Cybersecurity, Information Systems, Information Technology, Computer Science, or related field from an ABET-accredited or CAE-designated institution, or 10 years of experience in lieu of this degree.

Minimum of 16+ years of information security experience with demonstrated expertise in cloud security

Minimum of 5+ years of DoD security experience in enterprise environments

Minimum of 3+ years of hands-on experience with cloud security frameworks and implementations

Complete understanding and experience implementing requirements of the NISPOM and ICDs

Knowledge of cloud security principles and FedRAMP requirements

Meets the Core and Additional Knowledge, Skills, and Abilities Tasks (KSATs) defined in the DoD Cyber Workforce Framework

Demonstrated ability to develop solutions to complex security problems

Proven ability to work in fast-paced, deadline-driven environments

Excellent verbal and written communication skills for technical and executive audiences

Recent experience with security management policies and procedures

Proficiency with Microsoft Office Suite and security management tools

Certification Requirements:

Required: CISSP, CISM, or equivalent DoD Directive 8570 compliant certification; CompTIA Security+

Desired: GCIH, GSEC, CISSP, CISA, FITSP-M, GCSA, GISF, SSCP, CEH, or other advanced security certifications

Physical Demands

Must be able to lift 25 pounds on occasion.

Must be able to stand and walk for prolonged periods of time.

Must be able to twist, bend, and squat periodically.

Security Clearance Requirements:

Must be able to maintain a security clearance at the Top Secret level with SCI eligibility and maintain SAP eligibility. Due to work requirements, this position will not entertain work from home capabilities. US Citizenship is a requirement for this contract.
