A3 Technology, Inc. is seeking a mission-driven Information System Security Officer (ISSO) to lead Assessment & Authorization (A&A) and Continuous Monitoring for U.S. Customs and Border Protection (CBP) systems. The ISSO will assume duties in accordance with DHS 4300A and CBP HB 1400-05D, ensuring systems achieve and maintain Authority to Operate (ATO) while meeting FISMA requirements and CBP security objectives.
This role monitors system security posture, steers reaccreditation and Ongoing Authorization (OA), authors and governs security documentation, responds to DHS/CISA/CBP data calls, and advises engineering and operations on secure architectures and changes. The ideal candidate pairs deep RMF expertise with clear stakeholder communication and disciplined artifact management.
Key Responsibilities:
- Assume and perform ISSO duties per DHS 4300A and CBP HB 1400-05D; lead/perform A&A and reaccreditation in line with project schedules and STP guidance.
- Continuously monitor security posture of assigned systems using DHS/CBP policy and FISMA guidance; track control effectiveness and risk exposure.
- Notify the Director of Security and/or ISSM when accreditation/reaccreditation is required; contact the CBP STP Security Authorization (SA) Team 10 months prior to ATO expiration to schedule the reaccreditation kick-off.
- Plan and execute activities to move designated systems into Ongoing Authorization (OA) / Continuous Monitoring; prepare for and support OARMB reviews.
- Conduct self-assessments of CBP major applications and general support systems per DHS/CBP policy, including vulnerabilities at Contractor facilities.
- Acknowledge and act on ISVM messages; report compliance status and, when remediation cannot meet policy timelines, create and track POA&Ms and notify the ISSO Branch Chief/ISSM.
- Perform annual reviews/updates of assigned systems and documentation as required by DHS/CBP policy.
- Provide policy and security guidance to system designers, implementers, and operators; review security solutions and interpret policy impacts on architectures and information systems.
- Assist CSIRC with investigations of security incidents/violations; support evidence collection and after-action documentation.
- Review all EIOD-ENSB Change Requests (CRs) to verify proposed changes adhere to security standards; perform security impact analyses; ensure baselines remain compliant.
- Provide asset updates to the Vulnerability Assessment Team (VAT) and System Security Plan (SSP) when assets are added, removed, or modified.
- Develop, review, and submit for Government approval all A&A artifacts, including (as applicable):
  - ISSO/AISSO designation letters; System Owner letters; PTA; PIA; E-Authentication Determination
  - ST&E Plan; ST&E Test Results; ATT approvals; ATO Authorization Letter
  - Self-Assessment (NIST SP 800-53); FIPS 199 Assessment; Risk Assessment
  - System Security Plan; Contingency Plan; Contingency Plan Test & results; Security Assessment Report
  - POA&Ms (created/managed in CSAM); DHS/CBP waiver artifacts; DHS/CISA/CBP/OMB audit support
  - DHS/CISA/CBP Data Calls support and response; Cloud “As a Service” and FedRAMP sponsorship/support
  - ISVM review/support; weekly review of network scans and log files
- Review and update the SSP annually or when significant changes occur; review/update/develop ISA (as applicable).
- Prepare documents and meet requirements for the annual OA Review Management Board (OARMB).
- Complete/update a NIST SP 800-26 or SP 800-53 review yearly for each major application, LAN(s), or general support system.
- Prepare weekly vulnerability summaries and an end-of-week status for assigned systems (compliance highlights, current ISVMs, POA&Ms in progress).
- Maintain rigorous configuration/document control so approved changes are reflected in SSPs, inventories, baselines, and security artifacts.
Minimum Qualifications:
- Bachelor’s in Information Systems, Cybersecurity, Computer Science, Engineering, or related field.
- 5+ years as an ISSO or in security governance/A&A/RMF for enterprise systems (federal preferred).
- Expertise with DHS 4300A, CBP HB 1400-05D, FISMA, NIST RMF (SP 800-37) and NIST SP 800-53.
- Hands-on production of A&A artifacts (SSP, RA, ST&E, SAR, CP/CP-Test, POA&M) and coordination of ATO/OA cycles.
- Experience with vulnerability management and ISVM compliance, scan review, remediation tracking, and CSAM POA&M lifecycle management.
- Strong written/oral communication; ability to brief leadership and collaborate with engineers, operators, auditors, and ISSM/ISSO leadership.
- U.S. Citizenship and ability to obtain/maintain required CBP background clearance; on-site work in secured facilities as required.
Highly Desired Qualifications:
- Certifications: Security+ (required or within 6 months), CISSP (or Associate), CAP, CISM, or equivalent.
- Prior DHS/CBP experience; familiarity with STP SA processes, OARMB, and DHS/CISA Data Calls.
- Experience with FedRAMP, cloud security (“as a Service”), and ISAs.
- Familiarity with SCAP-compliant vulnerability scanners (e.g., Tenable/Nessus) and SIEM (e.g., Splunk/ELK); configuration baselining.
- Knowledge of FIPS 199/200, SP 800-30 (Risk Assessment), SP 800-34 (Contingency Planning), and TIC 3.0 considerations.
Additionally, US Citizenship or documented proof of eligibility to work in the US is a must. Upon receiving a conditional offer of employment, candidates will undergo a Government investigation and must meet eligibility requirements for Government clearance. Verification of past employment, education and references is also required. It is imperative that candidates be either a US citizen or a current green card holder with the last 3 consecutive years as a resident of the US.
The salary range for positions is $50,000 to $175,000.
This range is provided as a general guideline and should not be interpreted as a guarantee of compensation. Actual salary offers will be determined based on a variety of factors, including but not limited to the specific responsibilities of the position, the candidate’s education, experience, location, knowledge, skills, and abilities. In addition, compensation may be influenced by applicable Federal Government contract labor categories and established contract wage rates.
At A3 Technology, Inc., we take pride in being an Equal Opportunity Employer (EEO) and Affirmative Action (AA) employer.
We're committed to considering all qualified candidates for employment without regard to race, religion, color, sex, sexual orientation, gender identity, age, protected veteran status, disability, national origin, genetic information or any other protected status.