Job No: 502748
Work Type: Staff Full Time (1500 hours or greater)
Location: Dayton, OH
Category: Research Institute Staff
Department: Software Architecture - 250369
Pay Grade: R3 - Exempt
Advertised: April 15, 2025
Applications close: April 29, 2025

POSITION SUMMARY:

Join the University of Dayton’s Research Institute (UDRI) Cutting-Edge Cybersecurity Team! UDRI is seeking a highly motivated and experienced Information Systems Security Officer (ISSO) to join our dynamic Sensor & Software Systems division. This is an exciting opportunity to be part of a team that develops advanced technologies for the Department of Defense and other government agencies. This position offers health, dental and vision insurance, retirement, disability, tuition assistance for you and your dependents, vacation/sick accrual and holiday pay. Apply today!
The Information System Security Officer (ISSO) position is supporting the Air Force Rapid Sustainment Office (RSO). The RSO increases mission readiness by rapidly identifying, applying and scaling technology essential to the operation and sustainment of the U.S. Air Force. Success comes from our teamwork and mutual respect for each other’s talents and unique perspectives.
This role supports the government cyber lead and provides cybersecurity support for advanced software-intensive technologies to include agile manufacturing, conditioned-based maintenance, augmented reality/virtual reality, cloud-based infrastructure and services, and robotics.

Responsibilities:

• Serve as cybersecurity technical advisor, consultant, and primary point of contact to the Program Manager, Information System Owner, and other stakeholders for the Information systems
• Assessing systems for vulnerabilities and providing corrective recommendations.
• Supporting government Cyber lead in performing RMF activities leading to system RMF acceptance IAW DoDI 8510.01, NIST 800-series special publications, USAF policy and instructions, and guidance as applicable on RSO IT systems in networked, standalone, and cloud configurations.
• Support, coordinate, and continuously monitor system security posture and ensure adverse events are formally handled and reported
• Developing, reviewing, and updating necessary documentation associated with achieving RMF accreditation of each system.
• Applying currently accepted methods for documenting the RMF status of each RSO system within the DoD environment.
• Security Technical Implementation Guides (STIGs) for all systems
• Managing projects in compliance with DoD and AF RMF policies including but not limited to the following:

o DoDI 8500.01 – Cybersecurity Risk Management Framework for DoD Information Technology.
o DoD 8570.01 M - Information Assurance Training, Certification, and Workforce Management.
o CNSSI 1253 - Security Categorization and Control Selection for National Security Systems.
o NIST 800-series Special Publications (SP).
o Computer Security, including SP 800-53 - Security Controls and Assessment Procedures for Federal Information Systems and Organizations and Air Force Instruction Series 17.
Cyberspace:

Accomplishing system categorization, security control selection, security control implementation, security control assessment, and security control monitoring, including, but not limited to, accomplishing the RMF steps as outlined in DoDI 8510.01 on a system-by-system basis

• Providing system performance reporting.
• Support System Administrator for multiple cloud projects and implementations.
• Supporting Interim Authority to Test (IATT)/ Authority to Operate (ATO) planning and execution.

MINIMUM QUALIFICATIONS:

• Bachelors of Science Degree in Cybersecurity, Computer Science, or related field
• 7+ years relevant cybersecurity and information technology experience
• 7+ years experience with the NIST RMF process or ISO Standards.
• Current Security+ Certification
• Security Technical Implementation Guides (STIGs) application experience
• Cloud Application experience
• The applicant must meet DoD 8570.01-M IAM Level I or higher certification requirements on hire date
• Familiarity with the DOD Information Assurance Vulnerability Management program
• Past experience with submission of system security package to DoD for ATO, IATO, etc.
• Effective verbal and written communication skills
• Ability to obtain a Secret level security clearance
• Due to the requirements of our research contracts with the U.S. federal government, candidates for this position must be a U.S. citizen

PREFERRED QUALIFICATIONS:

While not everyone may possess all of the preferred qualifications, the ideal candidate will bring many of the following:

• Masters of Science Degree in Cybersecurity, Computer Science, or related field
• CISM certification (DoD 8570.01-M IAM Level II)
• 9+ years’ DoD cybersecurity experience
• 9+ years experience with the NIST RMF process and/or ISO Standards.
• 9+ years experience with the FISMA Standards
• 7+ years experience with the Enterprise Mission Assurance Support Service (eMASS)
• 3+ years working in an Agile development environment
• 7+ years experience supporting various software projects as they strive to achieve an Authority to Operate (ATO) or Interim Authority to Test (IATT)
• Experience with commercial scanners such as XACTA and Tenable Nessus Scanner
• Willingness to work in a hybrid work environment
• 7+ years experience providing formal documentation of results to RMF and presenting to approving officials (or supporting ATO briefs)
• Current Secret level security clearance or currently in the process of obtaining a Secret level security clearance (T3 Investigation)
• Ability to promote inclusive excellence in the workplace

• Serve as cybersecurity technical advisor, consultant, and primary point of contact to the Program Manager, Information System Owner, and other stakeholders for the Information systems
• Assessing systems for vulnerabilities and providing corrective recommendations.
• Supporting government Cyber lead in performing RMF activities leading to system RMF acceptance IAW DoDI 8510.01, NIST 800-series special publications, USAF policy and instructions, and guidance as applicable on RSO IT systems in networked, standalone, and cloud configurations.
• Support, coordinate, and continuously monitor system security posture and ensure adverse events are formally handled and reported
• Developing, reviewing, and updating necessary documentation associated with achieving RMF accreditation of each system.
• Applying currently accepted methods for documenting the RMF status of each RSO system within the DoD environment.
• Security Technical Implementation Guides (STIGs) for all systems
• Managing projects in compliance with DoD and AF RMF policies including but not limited to the following