Information System Security Officer NF4

Quantico, Virginia
Oct 13, 2021
Oct 19, 2021
IT, Security Engineer
Full Time


Marine Corps Community Services (MCCS) is looking for the best and brightest to join our Team! MCCS is a comprehensive program that supports and enhances the quality of life for Marines, their families, and others in the Marine Corps Community. We offer a team oriented environment comprised of military personnel, civilian employees, contractors and volunteers who keep the organization functioning smoothly and effectively.
Learn more about this agency


This position serves as the Information System Security Officer (ISSO) for the Information Technology Directorate (MRI), NAF Business and Support Services Division (MR), Manpower and Reserve Affairs Department, Headquarters Marine Corps. The incumbent will work under the direction of an Information System Security Manager to provide system security officer services to Marine Corps installations worldwide.

The Information System Security Officer (ISSO) serves within the Enterprise Cybersecurity and Compliance Office. The ISSO will serve as an analyst for all disciplines within the security program including the enforcement of the organization's security awareness programs, continuous monitoring program, and all industry and governmental compliance issues. Verifies IT security awareness compliance amongst the user community through annual security training records. Tracks the implementation of information technology (IT) security controls and security authorization documents; and ensures the system is compliant with mandated security policies and requirements. Works closely with and receives reports from Information Systems Administrators and system owners.

Analyzes the security posture for one or more system(s) throughout the entire lifecycle; provides continuous monitoring through scheduled audits, controls testing, and audit reviews, and escalates issues as needed. Provides technical recommendations for all Risk Assessments and Vulnerability Assessments conducted for the system or site. Provides security analysis of IT activities to ensure that appropriate security measures are in place and being enforced. Tracks audit findings and recommendations to ensure that appropriate mitigation actions are taken.

Performs security compliance efforts IAW the Payment Card Industry (PCI), Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology Special Publication (NIST SP) 800 series, Federal Information Processing Standards (FIPS) series, and USMC related policies and procedures. Follows systematic processes to measure continuous monitoring targets, FISMA goals, and readiness inspection criteria. Conducts analysis and reporting of identity and access management (idAM) compliance.

Assists in the daily operations of the MR Cybersecurity program objectives to implement processes and procedures as they relate to DoD , DON, USMC, MCCS policy, standards, and guidelines. Provides security monitoring for MR and subordinate commands to include coordinating MR security measures, conducting analysis, tracking certification compliance, processing access card requests, and review of information system configurations at appropriate classification levels. Coordinates with all departments within the Marine Corps Community Services (MCCS) and higher Marine Corps to support cybersecurity awareness initiatives. May conduct and coordinate training of personnel within pertinent cybersecurity subject domain as appropriate. May be responsible for raising security awareness and facilitating improved security.

Occasional travel to complete work assignments, conduct training or attend conferences and meetings may be required. Performs other related duties as assigned.

This is a white-collar position where occasional lifting up to 20 lbs may be required.

Performs other duties as assigned.

Travel Required

25% or less - Varies

Supervisory status

Promotion Potential


Conditions of Employment

  • See Duties and Qualifications



Bachelors' Degree in Information Technology or Business related field appropriate to the work of position AND three years of experience performing specific tasks for Information System Security Officer (ISSO), audit log analysis, vulnerability management, or cybersecurity (CY): OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above, OR appropriate experience that demonstrates the applicant has acquired the knowledge, skills, and abilities equivalent to that gained in the above.

Knowledge of risk management processes, secure configuration management techniques, Government laws and policies, cyber threats and vulnerabilities, encryption algorithms, host/network access control mechanisms, vulnerability information dissemination sources, Payment Card Industry (PCI) data security standards, Personally Identifiable Information (PII) data security standards, network authentication identity and access management, intrusion detection methodologies and techniques for detecting host and network-based intrusions, and organization's risk tolerance and/or risk management approach.

Skill in evaluating adequacy of security design, using protocol analyzers, collecting data from a variety of cyber resources, recognizing and categorizing types of vulnerabilities, interpreting vulnerability scanner results to identify vulnerabilities, assessing cloud security measures and microservices, running Security Content Automation Protocol (SCAP) content and Security Technical Implementation Guides (STIGS) based tools for benchmark, conducting trends analysis, and security configuration reviews.

Ability to identify systemic security issues based on the analysis of vulnerability and configuration data, apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation), conduct vulnerability scans and recognize vulnerabilities in security systems, and interpret the information collected by network tools.

As an authorized and privileged user of Department of Defense Information Systems must fulfill the requirement to complete DoD Workforce Improvement Program certification (DoD 8570.01-M) as a condition of access within six months of employment. This position has been determined as a level 2 ISSO.

This position had been determined as Moderate Risk. As a condition of employment, the incumbent must be able to obtain and maintain an Access National Agency Check and Inquiries (ANACI/ Tier 3) Secret Clearance to access classified information.

Eligible for incremental telework as determined by MR/MF policy.


Additional information

GENERAL INFORMATION: Applicants are assured of equal consideration regardless of race, age, color, religion, national origin, gender, GINA, political affiliation, membership or non-membership in an employee organization, marital status, physical handicap which has no bearing on the ability to perform the duties of the position. This agency provides reasonable accommodations to applicants with disabilities. If you need a reasonable accommodation for any part of the application and hiring process, please notify the agency. The decision on granting reasonable accommodation will be on a case-by-case basis.

It is Department of Navy (DON) policy to provide a workplace free of discrimination and retaliation. The DON No Fear Act policy link is provided for your review:

As part of the employment process, Human Resources Division may obtain a Criminal Record Check and/or an Investigative Consumer Report. Employment is contingent upon the successful completion of a National Agency Check and Inquiries (NACI). For all positions requiring access to firearms or ammunition, the Federal Government is prohibited from employing individuals in these positions who have ever been convicted of a misdemeanor crime of domestic violence, or a felony crime of domestic violence adjudged on or after 27 November 2002. Selectees for such positions must submit a completed DD Form 2760, Qualification to Possess Firearms or Ammunition, before a final job offer can be made.

Direct Deposit of total NET pay is mandatory as a condition of employment for all appointments to positions within MCCS.

Required Documents:

*Education/certification certificate(s), if applicable.

*If prior military, DD214 Member Copy

This activity is a Drug-free workplace. The use of illegal drugs by NAF employees, whether on or off duty, cannot and will not be tolerated. Federal employees have a right to a safe and secure workplace, and Marines, sailors, and their family members have a right to a reliable and productive Federal workforce.

Involuntarily separated members of the armed forces and eligible family members applying through the Transition Assistance Program must submit a written request/statement (may be obtained from the MCCS Human Resources Office) and present ID card with "TA" stamped in red on front of card.



How You Will Be Evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Your application/resume and supporting documentation will be used to determine whether you meet the job qualifications listed on this announcement. This vacancy will be filled by the best qualified applicant as determined by the selecting official.

Background checks and security clearance

Security clearance
Not Required

Drug test required

Required Documents


If you are relying on your education to meet qualification requirements:

Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education .

Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.

Similar jobs