Overview
Delta Solutions and Services Bowhead is seeking a Mid-Level ISSO for our team at Vandenberg SFB.
The Information Systems Security Officer (ISSO) is responsible for implementing, maintaining, and continuously improving cybersecurity controls for assigned information systems in accordance with DoD, Air Force, and NIST Risk Management Framework (RMF) requirements. The ISSO ensures that all systems remain secure, compliant, and operational across all classification levels through proactive management of security artifacts, RMF authorization support, and ongoing vulnerability and compliance monitoring. In addition to RMF responsibilities, the ISSO performs Communications Security (COMPUSEC) and TEMPEST functions, including emission security evaluations, classified processing compliance, and controlled media handling. This position is critical to ensuring S4S maintains a secure cyber environment, sustained authorization, and readiness for audits and inspections.
The position provides day-to-day cybersecurity and information assurance support for Collateral, Sensitive Compartmented Information (SCI), and Special Access Program (SAP) environments.
Responsibilities
Assist in the preparation, submission, and maintenance of RMF Authorization packages (Assessment & Authorization - A&A) for S4S systems.
Develop and maintain all required cybersecurity documentation, to include System Security Plans (SSPs), procedures, diagrams, Plans of Action and Milestones (POA&Ms), and associated body-of-evidence artifacts.
Track and manage system authorization timelines and accreditation status to ensure uninterrupted Authority to Operate (ATO) or Interim Authorization to Test (IATT).
Conduct, document, and report results of cybersecurity self-inspections, vulnerability scans, and control tests to support continuous monitoring requirements.
Maintain and update audit logs, system access control lists, and incident reports in accordance with DoD and Air Force cybersecurity policy.
Track and report POA&M items, ensuring timely remediation of vulnerabilities and documentation of risk acceptance where applicable.
Maintain inspection readiness and provide direct support to cybersecurity inspections, Command Cyber Readiness Inspections (CCRIs), and Staff Assistance Visits (SAVs).
Ensure implementation and enforcement of administrative, procedural, and technical security controls in accordance with NIST SP 800-53 and related DoD guidance.
Coordinate with system administrators to maintain secure system baselines, verify proper patching, and validate STIG compliance.
Perform security risk assessments for system modifications, upgrades, integrations, and software deployments.
Assist in developing and delivering system-specific security briefings, user guides, and operational best practices to authorized users.
Support cybersecurity incident detection, triage, and response efforts in coordination with the Cybersecurity Service Provider (CSSP) and the Information System Security Manager (ISSM).
Prepare risk reports, status updates, and leadership briefings summarizing system cyber health, compliance metrics, and residual risk posture.
Liaise between system owners, administrators, cybersecurity teams, and external assessors to ensure consistent understanding and application of RMF controls.
Integrate cybersecurity considerations into system engineering, sustainment, and lifecycle management activities.
Represent cybersecurity equities during design reviews, planning boards, and operational or acquisition meetings.
Ensure systems and networks are operated, maintained, and disposed of in accordance with applicable cybersecurity and records management policies.
Ensure all system users complete required initial, recurring, and role-based cybersecurity training.
Conduct face-to-face or virtual security training and awareness sessions, documenting attendance and compliance.
Report, investigate, and document cybersecurity incidents in accordance with established incident response procedures.
Ensure compliance with COMPUSEC policies, including media marking, transfer, encryption, and destruction procedures.
Conduct TEMPEST risk assessments, ensuring compliance with DoD emission security policies and facility accreditations.
Coordinate or conduct TEMPEST inspections of facilities, equipment, and cabling to ensure compliance with CTTA-issued standards.
Maintain TEMPEST accreditation packages and verify that mitigation controls are implemented for identified vulnerabilities.
Liaise with Certified TEMPEST Technical Authorities (CTTAs) and ensure compliance with all emission security and classified processing requirements.
Support cybersecurity contingency planning, including exercises and real-world event response activities.
Support users and assist with the coordination and completion of paperwork required to resolve negligent discharge of classified information incidents and events.
Provide after-hours support as required to maintain system availability, mission continuity, and cyber defense posture.
Other duties as assigned.
Qualifications
Minimum of 2-5 years of related experience supporting RMF authorization packages, continuous monitoring, and cybersecurity compliance for DoD systems.
Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field; or equivalent combination of education and experience (4 years).
Must meet position and certification requirements outlined in DoD 8140 for the Information System Security Manager role (Intermediate Level) within six months of hire.
Must be familiar with RMF tools and workflows such as eMASS, Xacta, and ACAS.
Must possess a strong understanding of COMPUSEC and TEMPEST policies, DoDI 8500.01, CNSSI 1253, and related DoD guidance.
Ability to coordinate with multiple stakeholders to ensure cyber readiness across Collateral, SCI, and SAP environments.
Ability to provide surge and after-hours support during inspections, exercises, or real-world cyber events.
Physical Demands:
Must be able to lift up to 50 pounds
Must be able to stand and walk for prolonged amounts of time
Must be able to twist, bend and squat periodically
SECURITY CLEARANCE REQUIREMENTS: Must currently hold an active TS/SCI clearance.
LI-DNI
MN1
Applicants may be subject to a pre-employment drug & alcohol screening and/or random drug screen, and must follow UIC's Non-DOT Drug & Alcohol Testing Program requirements. If the position requires, an applicant must pass a pre-employment criminal background history check. All post-secondary education listed on the applicant's resume/application may be subject to verification.
Where driving may be required or where a rental car must be obtained for business travel purposes, applicants must have a valid driver license for this position and will be subject to verification. In addition, the applicant must pass an in-house, online, driving course to be authorized to drive for company purposes.
UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics EOE/D/V. In furtherance, pursuant to The Alaska Native Claims Settlement Act 43 U.S.C. Sec. 1601 et seq., and federal contractual requirements, UIC and its subsidiaries may legally grant certain preference in employment opportunities to UIC Shareholders and their Descendants, based on the provisions contained within The Alaska Native Claims Settlement Act. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities. Please view Equal Employment Opportunity postershere (https://www.eeoc.gov/sites/default/files/2023-06/22-088\EEOC\KnowYourRights6.12ScreenRdr.pdf) .
All candidates must apply online at www.uicalaska.com , and submit a completed application for all positions they wish to be considered. Once the employment application has been completed and submitted, any changes to the application after submission may not be reviewed. Please contact a UIC HR Recruiter if you have made a significant change to your application. In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance www.uicalaska.com/careers/recruitment/ .
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
UIC Government Services (UICGS / Bowhead) provides innovative business solutions to federal and commercial customers in the areas of engineering, maintenance services, information technology, program support, logistics/base support, and procurement. Collectively, the fast-growing Bowhead Family of Companies offers a breadth of services which are performed with a focus on quality results. Headquartered in Springfield, VA, we are a fast-growing, multi-million-dollar company recognized as a top Alaska Native Corporation providing services across the Department of Defense and many federal agencies. Bowhead offers competitive benefits including medical, dental, vision, life insurance, accidental death and dismemberment, short/long-term disability, and 401(k) retirement plans as well as a paid time off programs for eligible full-time employees. Eligible part-time employees are able to participate in the 401(k) retirement plans and state or contract required paid time off programs.
Join our Talent Community!
Join our Talent Community (https://talentconnect.uicalaska.com/government-services/talentcommunity) to receive updates on new opportunities and future events.
ID 2026-24828
Category Information Technology
Location : Location US-CA-Vandenberg SFB
Min USD $162,000.00/Yr.
Max USD $162,000.00/Yr.
Minimum Clearance Required Top Secret/SCI
Travel Requirement Less than 10%
