Information System Security Officer (ISSO)

This is a U.S. based position. All of the programs we support require U.S. citizenship to be eligible for employment. All work must be conducted within the continental U.S.

Who we are:

Raft (https://TeamRaft.com) is a customer-obsessed non-traditional small business with a purposeful focus on Distributed Data Systems, Platforms at Scale, and Complex Application Development, with headquarters in McLean, VA. Our range of clients includes innovative federal and public agencies leveraging design thinking, cutting-edge tech stack, and cloud-native ecosystem. We build digital solutions that impact the lives of millions of Americans.

We’re looking for an experienced Information System Security Officer (ISSO) to support our customers and join our passionate team of high-impact problem solvers.

About the role:

As an Information System Security Officer (ISSO) at Raft, you will expertly manage the security aspects of our cutting-edge platforms and systems designed for our esteemed clients. The ISSO will play an instrumental role in generating and maintaining the necessary artifacts to achieve and sustain Authority to Operate (ATO) while working in close collaboration with our development team. This collaboration ensures the seamless integration of security controls early in the development lifecycle. You will audit and monitor all of the platforms & tooling across the customer environment including those supporting classified programs. This role requires a deep understanding of cybersecurity principles, federal compliance requirements, and a passion for safeguarding national digital infrastructure

What we are looking for:

• Minimum of 3 years' experience in ISSM/O roles
  
• Broad knowledge of the NIST CSF, NIST RMF, and related NIST Special Publications such as NIST SP 800-53 & 800-171
  
• Expert knowledge of RMF tools such as ServiceNow, XACTA, eMASS, Archer, or SAP 
  
• Proficient in conducting risk assessments, audits, and compliance monitoring within DoD environments
  
• Demonstrated proficiency in managing and creating Body of Evidence (BOE) artifacts, including POA&Ms, SSPs, RARs, Vulnerability Assessments, Security Assessment Plans, etc.
  
• Understanding of and experience with SIEM tools such as Splunk, Grafana, or ELK
  
• Proficient in conducting continuous monitoring activities such as auditing, configuration reviews, policy & procedure reviews, etc.
  
• Demonstrated experience managing compliance activities for both on-prem & cloud-based (AWS) systems & networks
  
• Experience with AWS security tooling such as CloudTrail, CloudWatch, Guard Duty, Inspector, etc.
  
• Experience conducting internal self-assessments and audits with external assessors such as USAF or DCSA
  
• Experience with common …