• Information Systems Security Officer (ISSO)

    Job Locations US-VA-Quantico
    Job ID
    # of Openings
    Cyber Security
    Clearance Level
    Top Secret
  • Company Description

    Spry is a certified Small Disadvantaged Business (SDB) headquartered in McLean, VA. Spry provides Enterprise, C4IT, Management, and Cyber Solutions to the federal government and commercial entities. Founded in 2001, Spry Methods was built on the foundation of combining industry knowledge with unmatched responsiveness to produce results for our customers. Our goal is to build a business dedicated to the maximization of value for all stakeholders starting with our employees, our customers, and our community. We recognize that talented and dedicated employees are our most valued assets and the foundation of our success. Guided by these principles, we have established an impressive track record of proven past performance serving our customers within the Commercial, Federal Civilian, DoD, and Intelligence Communities. A CMMI Level 3 certified and ISO 9001:2008 registered company, Spry is committed to quality and continuous improvement.


    Spry Methods is seeking an Information Systems Security Officer (ISSO) in support of the FBI. The ISSO is responsible for implementing and following FBI and Federal Information Assurance policies and guidelines for securing FBI information systems.

    Job Responsibilities and/or Success Factors

    • Ensuring that Stakeholders adhere to Federal Information Assurance policies and procedures to acquire and maintain an Information System's Authority to Operate (ATO) under The Federal Information Security Management Act (FISMA) of 2002 following NIST 800-53 guidelines and NIST 800-53a security controls assessment practices
    • Guide systems engineering design and development toward a "baked-in" security design using Information Assurance best practices as well as FBI-specific policies and guidelines
    • Expert knowledge and hands-on experience with FISMA Systems, NIST 800-series guidelines, Intelligence Community Directive 503 (ICD 503), Committee on National Security Systems (CNSS) Instructions, FIPS, C&A requirements and processes, Continuous Monitoring Framework experience and its tools, Plan of Action & Milestones (POA&M) policies, and vulnerability/patch management
    • Proficient with vulnerability and scanning tools and well-versed in interpreting risk posture resulting from assessment reports. Experience in project management and tracking, and the Microsoft suite of office products
    • Following IAPS processes regarding people management and project management (performance management, planning, scheduling, etc.)
    • Guide engineering development for the security design using IA enabled products
    • Maintain up to date documents such as procedures, work instructions, plans and manuals
    • Very knowledgeable of FISMA, NIST, previous C&A experience, continuous monitoring experience, vulnerability management, scanning, risk management, project management, proficient with Microsoft products - Word, Excel, PowerPoint

    Required skills and experience include

    • 8+ years of experience in computer science or cyber-related field
    • Active Top Secret clearance with the ability to obtain and maintain SCI and CI polygraph
    • CISSP

    Preferred skills

    • FISMA, NIST, and/or C&A experiences
    • Experience with Tenable's Nessus and/or Security Center, IBM Guardium, HP WebInspect, or Network Mapper is a plus
    • Risk assessment experience, especially with NIST 800-503 Threat identification, system security categorization, gap analysis, compliance reporting
    • Security analysis experience, especially trend analysis, incident response, encryption
    • Security assessment experience doing vulnerability scanning, penetration testing, system hardening, system integration, packet sniffing
    • Software development experience a plus given the unit supporting
    • Must be able to apply and validate patches
    • Develop, track, create and manage POA&Ms
    • Able to handle site accreditation
    • Operational security experience a definite plus
    • Security plan knowledge and creation experience a definite plus
    • Knowledge of and experience with quality assurance and continuous monitoring
    • Experience working in SCIF a plus
    • Knowledge of INFOSEC Assessment Methodology/Evaluation Methodology (NSA IAM/NSA IEM)
    • contribute to the accuracy and efficiency of analysis operations through technical innovation, procedural refinement, training of analysts and analyst oversight
    • Accountable for the real-time analysis, commentary and handling of security events
    • Demonstrate the analysis system and analyst capabilities

    EEO Statement

    At Spry, we believe talented and dedicated employees are our most valued assets and the foundation of our success. We are committed to crafting a diverse and inclusive workplace that endorses engagement, creativity, quality and innovation.


    We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed