Join a fast growing agile small company that delivers cutting edge cybersecurity and system integration services to the US National Security market. We are seeking a motivated self-starter with experience in secure information systems to join a team of security professionals and help defend national security programs.

Security Clearance Requirements:
Active Top Secret / SCI Required

This position requires full-time on-site support. This is not a remote position.

Tau Six, an agile small company delivering cutting edge cybersecurity and systems integration services to the US National Security market, has an immediate need for a Information System Security Officer (ISSO) for a Department of Defense customer. In this role you have the opportunity to work with a cross-functional team in multiple technical areas to include operations, engineering, security, and systems development to deliver secure solutions to our national security customers.

The Information Systems Security Officer (ISSO) ensures the appropriate operational security posture is maintained for information systems to include Wide Area Networks (WANs), Local Area Networks (LANs), Cross Domain Solutions (CDSs), and standalone systems. Directs and implements the necessary controls and procedures to cost-effectively protect information systems from intentional or inadvertant modification, disclosure, or destruction. Provides system security plans; change management, security incident response, and information system security documentation, policies, and procedures.

The ISSO is responsible for providing Risk Management Framework (RMF) products that document the information system’s adherence to the security controls applied.


  • Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
  • Participate in in A&A events for external systems as a member of the security control assessment team in support of the senior Security Control Assessor (SCA).
  • Create and maintain existing information system security documentation, including SSP, SCTM, and Risk Management Framework (RMF) Body of Evidence
  • Ensure all users have the requisite security clearance, authorization, need-to-know, and are aware of their security responsibilities before being granted access to the system, and periodically thereafter
  • Write implementation and design documents describing how security features are implemented
  • Prepare system documentation for assessment in accordance with RMF and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions; track findings with Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance
  • Create security policies and maintain existing information system security documentation
  • Conduct periodic and continuous monitoring of the system to ensure compliance with the authorization package
  • Participate in the change management process, including reviewing Change Requests and assisting in the assessment of security impact of proposed changes
  • Conduct daily, weekly, and monthly audit review and management of the audit collection system for assigned systems, boundaries, and components
  • Continuously review and evaluate best practices for implementing a comprehensive audit program
  • Implement vulnerability management programs, including tracking and addressing IAVAs and security patches, accessing applicability to existing systems, and ensuring closure
  • Implement media control and data transfer policies
  • Provide direction and guidance to less experienced cybersecurity personnel
  • Remain sensitive to security infractions and assist in security investigations and responses as requested
  • Work on project teams responsible for engineering and packaging releases to integrate within the customer's production IT environment
  • Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage
  • Communicate well, both orally and in writing with both government and industry audiences


  • 4 or more years of experience in Information Security (INFOSEC) operations and/or Cybersecurity-related support.
  • Graduated with a Associate's Degree (preferably in telecommunications, computer science, information systems management, electrical engineering, computer engineering or similar field of study)
  • Strong background and extensive experience with RMF, ICD 503, NIST SP800-53, JSIG or DJSIG; knowledge of current authorization practices, particularly within the DoD. Extensive background with DITSCAP/DIACAP may be substituted in some cases.
  • Experience with security efforts related to modern Windows, Cloud computing, Linux, UNIX, Cisco, SQL or Oracle databases, and virtual computing. This might also include some system administration work with an emphasis on security control implementation
  • Experience with using vulnerability scanning and audit collection and management products.
  • DoD 8570.1 / DoD 8140.01 certification (IAT Level III, IAM level II ) required, CAP, CASP, CISSP, or CISM desired

Desired Qualifications:

  • 2 or more years of experience with the Risk Management Framework (RMF) within the Intelligence Community (IC), DoD, and/or Federal Systems community.
  • OS/CE certificate for Windows 10 and Windows Server 2012/2016 or newer.
  • OS/CE certificate for Red Hat Enterprise Linux (RHEL).

Security Clearance Requirements: Active Top Secret / SCI Required