Cybersecurity Specialist (Secret Cleared)

Location: Hybrid – Within driving distance of Vicksburg, Mississippi (Occasional in-office)

Clearance Required: Secret (Ability to obtain TS)

Position Overview:

We are seeking a DoD Information Systems Security Officer (ISSO) to support cybersecurity compliance, authorization, and continuous monitoring of DoD information systems. The ISSO will execute Risk Management Framework (RMF) activities, maintain system security documentation in eMASS, and work closely with system owners, engineers, and the Information System Security Manager (ISSM) to ensure systems remain compliant with DoD cybersecurity requirements.

The ISSO will assist with documenting and validating security control implementations, collecting supporting evidence, and coordinating with system administrators and engineers to ensure required controls are implemented and maintained.

Key Responsibilities:

• Support the cybersecurity compliance and authorization of assigned information systems under the direction of the ISSM in accordance with the DoD Risk Management Framework (RMF).

 

• Assist with developing, updating, and maintaining RMF documentation, including System Security Plans (SSP), Security Assessment Plans (SAP), Security Assessment Reports (SAR), Plans of Action and Milestones (POA&M), Risk Assessment Reports (RAR), and associated control implementation documentation and supporting artifacts.

 

• Manage RMF activities within eMASS, including control implementation statements, artifact uploads, evidence tracking, POA&M management, control inheritance configuration, and package status tracking.

 

• Document and track NIST SP 800-53 security control implementations within eMASS and prepare controls for validation and approval by the ISSM.

 

• Collect, validate, and maintain control implementation evidence supporting authorization activities and continuous monitoring requirements.

 

• Review and analyze vulnerability and compliance scan results, including ACAS/Nessus outputs, SCAP compliance results, and DISA STIG checklists.

 

• Coordinate with system administrators and engineers to validate remediation actions and ensure findings are properly documented and tracked in POA&Ms.

 

• Support authorization activities including preparation for system assessments, coordination with assessment teams, and remediation tracking.

 

• Perform continuous monitoring activities such as vulnerability tracking, configuration compliance checks, periodic control validation, and coordination of audit log review activities.

 

• Support system change management by evaluating the security impact of system changes and updating RMF documentation accordingly.

 

• Ensure assigned systems comply with applicable DoD cybersecurity policies and standards, including DoDI 8510.01 (RMF), NIST SP 800-53 security controls, and DISA Security Technical Implementation Guides (STIGs).

 

• Provide cybersecurity guidance to system owners and technical teams regarding control implementation, RMF documentation, and compliance requirements.

 

• Develop and maintain system-level compliance reporting, including POA&M status, remediation progress, authorization timelines, and control implementation status.

 

Required Qualifications:

 

• Minimum of three (3) years of cybersecurity or information assurance experience supporting DoD information systems.

 

• Hands-on experience executing RMF activities and managing authorization packages within eMASS or similar system.

 

• Working knowledge of NIST SP 800-53 security controls and the DoD RMF authorization lifecycle.

 

• Experience supporting vulnerability management and system compliance processes, including ACAS/Nessus scanning, SCAP compliance tools, and DISA STIG checklists.

 

• Experience developing or maintaining RMF documentation such as SSPs, POA&Ms, SAPs, and SARs.

 

• Strong organizational and documentation skills with the ability to manage RMF artifacts and coordinate control evidence collection.

 

• Ability to communicate cybersecurity requirements effectively to system owners, engineers, and technical teams.

 

• Ability to manage multiple systems and competing deadlines in a structured environment.

 

Preferred Qualifications:

 

• Experience working with complex enterprise architectures and shared services environments.

 

• Familiarity with control inheritance, system boundary documentation, architecture diagrams, and authorization boundary concepts.

 

• Experience supporting security assessments conducted by internal assessment teams or SCA/SCA-V organizations.

 

• Familiarity with SIEM monitoring, audit log review processes, and endpoint security tooling.

 

• Familiarity with Tenable ACAS.

 

• Understanding of FedRAMP Moderate/High or CNSSI 1253 security control baselines.

 

Certifications:

Must possess a DoD 8140 / 8570 compliant certification such as:

• CompTIA Security+ CE
• CISSP
• CASP

 

 

 

What to Expect Next:

After submitting your application, our recruiting team will review your qualifications. This may include a brief telephone interview or email communication to verify resume details and discuss compensation expectations. Interviews will be conducted with the most qualified candidates. Broadway Ventures conducts background checks and drug testing prior to the start of employment. Some positions may also require fingerprinting.

Broadway Ventures is an equal opportunity employer and a VEVRAA federal contractor. We do not discriminate against applicants or employees on the basis of race, color, religion, sex, national origin, age, disability, protected veteran status, or any other status protected by applicable law.

Reasonable accommodations are available for applicants with disabilities. Broadway Ventures utilizes the OFCCP-approved Voluntary Self-Identification of Disability Form (CC-305).