Classified Cybersecurity ISSM/ISSO Lead

About Nooks

Future conflicts will be won by the fastest to adapt and launch new technologies. It’s all about speed, reducing cycle time, and connecting operators with technical experts. Mission success demands frictionless systems and processes. Nooks enables our country’s defense and intelligence industry partners to launch and operate talent and skills to the leading edge of the fight by connecting them with the networks and technologies they need to win.

Nooks is a fast-growing company pioneering Classified-Infrastructure-as-a-Service (“CIaaS”) to support classified operations for government and industry customers. Nooks provides the fastest and most efficient access to classified infrastructure for government contracting, ensuring that the best technologies equip our Nation’s warfighters. We are dedicated to employing best-in-class people, practices, and technologies to build and operate a nationwide network of accredited classified spaces and systems.

At Nooks, our team members are the critical factor that delivers the value our customers need - our teammates are innovators, building tremendous value from the bedrock up! Nooks needs people who see the opportunities for success in complex environments, who are ready to change the status quo, who love to work collaboratively with diverse backgrounds with a “service-first” mindset. Build the future of classified contracting with us and change the battlefield.

Job Title: Classified Cybersecurity ISSM/ISSO Lead

Location: Colorado Springs, CO

Position Type: Full-Time

Reports To: Director of IT and Cyber

Eligibility Requirements:

1. US Citizen

2. Active DoD Top Secret Clearance

Job Overview:

The Cybersecurity ISSM/ISSO Lead will take primary responsibility for the Information System Security Management (ISSM) and Information System Security Officer (ISSO) functions across multiple classified networks in support of both internal and external stakeholders. The individual in this role will be the lead for ensuring the security, compliance, and operational integrity of classified systems, while also auditing system logs from the environment. This position requires a deep understanding of cybersecurity requirements along with system and network administration best practices, as well as the ability to communicate effectively across multiple sites.

As we look to change the status quo, Nooks needs people who see the opportunities for success in complex environments, who are ready to change “the way it has always been done”, and who love to figure out challenging problems. If you’re passionate about cybersecurity and looking to change the way classified work is preformed, this is your opportunity to join our team and make an impact on national security!

Position Responsibilities:

• Serve as the ISSM and ISSO for multiple classified networks, ensuring compliance with all relevant security standards and frameworks (e.g. NIST, ICD 503, CNSS, etc.)
• Coordinate and collaborate with cybersecurity experts at government organizations to ensure networks are deployed in accordance with cybersecurity policies, approvals and implementation of Risk Management Framework (RMF) (e.g. DAAPM, ICD-503, JSIG, or NIST SP 800-171)
• Develop and implement security policies, procedures, and best practices for classified systems across multiple locations
• Perform regular risk assessments, vulnerability assessments, and continuous monitoring to identify potential threats and vulnerabilities
• Lead and coordinate the preparation of security documentation, including Authorization to Operate (ATO) packets, Security Plans (SSPs), risk assessments (RALs), and Plan of Action and Milestones (POA&Ms)
• Act as the primary point of contact for security audits and assessments, ensuring systems meet or exceed requirements for certification and accreditation
• Regularly audit logs from the server and network environments to maintain our security posture
• Support incident response efforts, including detection, analysis, and remediation of security incidents
• Work closely with other IT and cybersecurity personnel to ensure the confidentiality, integrity, and availability of classified information
• Provide training and guidance to staff members on Cybersecurity protocols, procedures, and best practices
• As company grows, will become a Cybersecurity leader to coach, manage and provide technical guidance to less-experienced Cyber professionals

Basic Qualifications (Required Skills/Experience):

• Must be a US citizen and have an active DoD Top Security Clearance
• Meet ISSM / ISSO training and certification requirements as outlined in DoDM 8140.03
• Must have at least one of the following certifications:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Officer (CISSO)
  • GIAC Security Leadership Certification (GSLC)
• Must have a proactive and forward thinking mindset with a positive, 'can-do' attitude, eager to challenge the status quo in cybersecurity and drive innovative changes in a fast-paced, startup environment
• Minimum 10 years of experience in cybersecurity, with a focus on classified networks, as an ISSM/ISSO
• Experience in system administration (Windows/Linux server environments, virtualization, networking protocols, etc.)
• In-depth understanding of federal cybersecurity policies, regulations, and frameworks (NISPOM, DAAPM, NIST, JSIG, RMF, etc.)
• Familiarity with security tools (SIEMs, IDS/IPS, vulnerability scanners, etc.)
• Strong knowledge of network security protocols, firewalls, and encryption technologies
• Experience in writing and maintaining security documentation, including initial ATO submissions, SSPs, POA&Ms, and risk assessments
• Proven experience managing and securing multi-site IT infrastructures, particularly in high-security environments

Preferred Qualifications (Desired Skills/Experience):

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field
• Multiple relevant cybersecurity certifications (Security , CISSP, CISM, CISA, CCSP, etc.)
• Experience with cloud security and hybrid network environments
• Familiarity with Configuration Management (CM) tools and processes
• Experience with automated patch management and endpoint security technologies
• Strong troubleshooting skills in both network and system administration contexts
• Experience with incident response and digital forensics in a classified environment
• Familiarity with federal and DoD certification and accreditation processes
• Experience with Top Secret and Special Access Programs (SAP) networks