Information Systems Security Officer (ISSO)

CACI is seeking a highly experienced and proactive Information Systems Security Officer (ISSO) to join our dynamic cybersecurity team supporting the U.S. Strategic Command (USSTRATCOM) Cybersecurity Service Provider (CSSP). This role aligns with the cybersecurity functions described in DoD 8140 Work Role ID 722 at the Advanced Level. The successful candidate will be responsible for the cybersecurity of assigned systems/enclaves, performing Risk Management Framework (RMF) and compliance activities (e.g., eMASS, ATO support), while also serving as a vital leader within the Vulnerability Management Orders and Directives (VMOD) team. In the VMOD capacity, this role is crucial for processing and disseminating threat intelligence to drive threat-based defense and for executing USSTRATCOM's vulnerability management program, working closely with the ISSM. This position may be subject to rotating shift work as necessary to support specific mission or incident response requirements. 

The Opportunity:  

Join a CACI team where the mission is critical, and the team culture is paramount. We are building a positive, fun, collaborative, and light-hearted environment focused on collective success and individual growth. Our leadership is committed to: 

Culture: Fostering an engaging workplace through gamified cyber concepts (tabletop exercises, Backdoors & Breaches card game), team contests, informative lunch-and-learn sessions, active participation in local youth cyber programs, and opportunities to attend leading industry conventions like DEFCON and BSIDES. As a leader within the VMOD team, you will help drive this collaborative spirit. 

Training: Championing life-long learning. We prioritize robust training programs aligned with your career goals and DoD requirements, focusing on RMF, threat intelligence analysis, vulnerability management, and leadership skills. Our leadership provides mentorship and resources, and you will contribute to the team's knowledge base. 

Talent Management: Investing in your future. Every team member receives a detailed and fully customized Individual Development Plan (IDP). We facilitate cross-training and exploration of different roles within CACI, ensuring you remain challenged, engaged, and never bored. Your role offers a unique blend of compliance and operational security leadership. 

This is more than just a job; it's an opportunity to significantly impact national security cyber defense through both compliance assurance and proactive threat/vulnerability management leadership within a supportive organization. 

Responsibilities: 

As an Information Systems Security Officer (ISSO) - VMOD Lead, you will perform a hybrid role encompassing compliance and operational security leadership, including but not limited to: 

• VMOD Team Leadership & Execution: Lead and execute key functions of the VMOD team. Manage the monitoring of threat data sources to maintain situational awareness (KSAT 705). Analyze and disseminate threat intelligence to enable threat-driven defense for the SOC. Oversee elements of the vulnerability management program, including tracking orders/directives and supervising corrective measures (KSAT 852, 862, 58). Manage the production and publishing of related cyber defense guidance (KSAT 706, 707). 

• Risk Management Framework (RMF) & Compliance Support: Support the RMF lifecycle for assigned systems under the guidance of the ISSM. Perform compliance activities, track system status in eMASS, support assessments, and ensure POA&Ms are documented and tracked (KSAT 1016, 963, 862). Continuously validate systems against policies and regulations (KSAT 1032). 

• Vulnerability Management: Track known vulnerabilities from alerts and advisories (KSAT 58). Interpret patterns of non-compliance or vulnerability trends to determine risk impact (KSAT 677). Ensure remediation plans are in place and tracked (KSAT 963). 

• Threat Analysis: Maintain awareness of current and emerging cyber threats and vectors relevant to the operational environment (KSAT 967, 1159). 

• Policy & Procedure Adherence: Support the creation, distribution, and maintenance of plans, instructions, and SOPs related to system security and VMOD processes (KSAT 173, 790). Ensure procedures comply with cybersecurity policies (KSAT 947). 

• Incident Response Support: Recognize potential security violations and take appropriate action to report incidents (KSAT 824). Support protective or corrective measures when incidents or vulnerabilities are discovered (KSAT 852). 

• Stakeholder Collaboration & Communication: Collaborate extensively with the ISSM, SOC personnel, system administrators, and other internal/external stakeholders regarding threats, vulnerabilities, compliance status, and security improvements. Provide recommendations for tuning security controls/processes based on VMOD analysis and findings. 

• Reporting: Collect and maintain data for VMOD and compliance reporting (KSAT 440). Ensure necessary reporting (e.g., threat summaries, vulnerability status, compliance issues) meets requirements, potentially including JFHQ-DODIN timelines per CJCSM 6510.01B. 

Additional Duties: Perform other related duties as assigned by leadership to meet mission requirements and support USSTRATCOM objectives. Depending on experience and team structure, this role may involve working under direct supervision or potentially providing guidance, training, or supervision to others. 

Qualifications: 

Required Certifications (Must possess one): 

• (ISC)² Certified in Governance, Risk and Compliance (CGRC) / Certified Authorization Professional (CAP) 

• CompTIA Advanced Security Practitioner (CASP ) CE 

• (ISC)² Certified Cloud Security Professional (CCSP) 

• CompTIA Cloud CE 

• (ISC)² Systems Security Certified Practitioner (SSCP) 

• CompTIA Security CE 

• GIAC Security Essentials (GSEC) 

Conditional Alternative Certifications (Considered): 

• (ISC)² Certified Information Systems Security Professional (CISSP) 

Education & Experience: 

• Bachelor's degree (BS) in Information Technology, Cybersecurity, Computer Science, Information Systems Management, or a related technical field is required. 

• A minimum of 10 years of relevant, progressive cybersecurity experience is preferred, with a strong emphasis on RMF/compliance, vulnerability management, threat intelligence analysis, or related security operations roles. 

• Experience leading small teams or specific functions within a cybersecurity program is highly desirable. 

• Proven experience working within DoD or Federal government environments is required. 

• Expert-level knowledge of RMF, NIST SP 800 series, CNSSI 1253, and relevant DoD cybersecurity policies. Experience with eMASS is essential. 

• Strong understanding of vulnerability management lifecycle, threat intelligence concepts, incident response methodologies, and risk assessment (KSAT 108, 58, 967, 61). 

• Knowledge of computer networking, operating systems, security architectures, and common vulnerabilities (KSAT 22, 1072, 1159). 

• Excellent analytical, organizational, leadership, and communication skills. Ability to synthesize complex information and communicate effectively to diverse audiences. 

• Must be willing and able to work rotating shifts if required by specific mission needs or incident response situations. 

• Must possess an active or be eligible to acquire Top Secret w/ SCI security clearance.