VNC Senior Cyber Security ISSO

The VNC Cyber Security Information Systems Security Officer (ISSO) works under the Chief of the Video Network Center Tech Support Section as a member of the IA workforce. The ISSO is responsible for implementation and sustainment of assigned systems in accordance with National Institute of Standards and Technology (NIST), DoD Instruction 8500.01, Cybersecurity and administering the Information Assurance (IA) duties. Components of the IA program include Assessment and Authorization (A&A) activities (i.e., documentation preparation, system configuration/validation, certification testing), security sustainment activities (i.e., hardware change management, software change management, account management, media protection, user interface, file transfers), conducting self-inspections, audit trail review, and delivering information systems security education and awareness. The ISSO will coordinate duties with the System Administrators and/or Information Technology (IT) staff to ensure all configuration requirements are implemented and functional. The ISSO will conduct technical and non-technical reviews and audits as prescribed by the Information Systems Security Manager (ISSM).

The Cyber Security Information System Security Officer (ISSO) specializing in Video Networking and Telephony acts as the primary cybersecurity advisor and liaison for VoIP, IP video, and video teleconferencing (VTC) infrastructure. They ensure these critical communication systems comply with DoD or federal cybersecurity frameworks while maintaining high availability, low latency, and secure data transmission.

Responsibilities:

Provides subject matter expertise to the Information Systems Security Manager (ISSM), Program Management Leadership, and technical teams developing/sustaining systems ensuring compliance with NIST and DoD Instruction 8500.01, Cybersecurity
• Leads Assessment and Authorization (A&A) activities under the Risk Management Framework (RMF) for VoIP, VTC, and IP surveillance systems.
• Manage and sustain the Risk Management Framework (RMF) package(s) in order to maintain an Authority to Operate (ATO) including ensuring the established security control baseline, control statements, and supporting evidence have been entered or uploaded into the Enterprise Mission Assurance Support Service (eMASS)
• Review security controls, security technical implementation guides (STIGs), vulnerability scans, engineering change proposals, evaluate the impacts to cybersecurity posture, and the effectiveness of proposed solutions
• Create and manage the systems profile in the Assured Compliance Assessment Solution (ACAS) tool, ensuring that monthly vulnerability scan results are uploaded
• On a weekly basis, run ACAS compliance scans, analyze, and identify compliance strategies Coordinate duties with the System Administrators and/or Information Technology (IT) staff to ensure all configuration requirements are implemented and functional
• Manage the cybersecurity Plans of Action and Milestones (POA&Ms), coordinating with government and contractor teams in formulating, creating, and tracking security POA&Ms
• Conduct technical and nontechnical reviews and audits as prescribed by the ISSM
• Conduct IA security education training for all VNC team members on appropriate risk mitigation strategies
• Monitor, manage, and report as required DoD 8570 and DoD 8140.03 compliance for appropriate VNC personnel
• Review and approve as the Information Assurance Officer (IAO), DD Form 2875 - System Authorization Access Request (SAAR) for assigned systems and enclaves
• Implement and monitor specialized security controls (NIST SP 800-53) for voice and video media, such as SRTP (Secure Real-time Transport Protocol), SIP TLS, and endpoint hardened configurations
• Apply and audit Security Technical Implementation Guides (STIGs) for IP telephony, videoconferencing bridges, and network devices
• Perform vulnerability assessments using tools like ACAS, SCAP, and Nessus on telephony/video endpoints and infrastructure, managing POAMs (Plan of Action and Milestones)
• Evaluate video networking architecture for potential security gaps, such as unauthorized access to call managers, weak encryption, or unpatched endpoints.
• Lead incident response efforts for communication breaches, such as toll fraud, eavesdropping, or video conferencing hijacking.
• Maintain system authorization packages, including System Security Plans (SSPs), Contingency Plans, and Incident Response Plans.

• Minimum of 12 years with BS/BA; Minimum of 10 years with MS/MA; Minimum of 7 years with Ph.D. 16 years with HS diploma
• Must have active Secret Clearance
• Must be US citizen
• Current active IAT/IAM III certification (CISSP or CISM) with related Computing Environment (CE) certifications to comply with DoD 8570 and DoD 8140.03 requirements
• Experience in RMF or similar government IT certification and accreditation processes
• Experience working within Military Health environments (preferred)
• Familiarity with ServiceNow (MHSSHD) ITSM ticketing system (preferred)

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.