About APTNEXUS

Since our founding 2012, AptNexus has empowered federal agencies and commercial enterprises to navigate the complexities of the digital landscape. As a quality-driven small business, we specialize in the seamless delivery of IT modernization and elite cybersecurity solutions. We help our clients modernize and fortify their technology stacks, ensuring their most critical data and assets remain resilient, optimized, and secure in an evolving threat environment.

Clearance:

• Must be eligible for Public Trust clearance. Active Treasury MBI or Secret clearance is a plus.

Position Overview:

AptNexus is seeking an experienced Information Systems Security Officer (ISSO) to support Department of Treasury Customer. In this role, you will provide assigned ISSO support for agency systems throughout their lifecycle, performing daily, weekly, and continuous systems monitoring duties in alignment with the NIST Risk Management Framework (RMF), Departmental/Treasury policy, and Agency-specific cybersecurity requirements.

• Ensure applicable cybersecurity policies and controls are implemented for the agency’s existing and new systems, maintaining an operational security posture consistent with current policy.
• Serve as the principal advisor to the Authorizing Official (AO), System Owner (SO), and/or CISO on all matters (technical and otherwise) involving assigned system security.
• Develop and maintain a full suite of SA&A artifacts, including: FIPS 199 categorizations, System Security Plans (SSPs), Privacy Threshold Analyses (PTAs), Privacy and Civil Liberties Impact Assessments (PCLIAs), Contingency Plans (CP) and Contingency Plan Tests (CPTs), Business Impact Analyses (BIAs), Security Assessment Reports (SARs), IV&V Reports, Risk Acceptances, Waivers, MOUs/ISAs, and Deviations.
• Develop, update, and maintain Plan of Action & Milestones (POA&M) reports on a monthly basis and as directed, providing trending analysis and remediation recommendations. Monitor open POA&Ms to ensure timely resolution.
• Conduct daily continuous monitoring of agency systems to ensure compliance with all applicable requirements and generate associated reports.
• Coordinate with System Owners to ensure system security documentation is maintained and that changes to systems are evaluated for security impact through the agency change management process.
• Support the development, maintenance, and reporting of Authority to Test (ATT) and Security Impact Analysis (SIA) documentation on a monthly basis or as required.
• Ensure that system audit trails are regularly examined and anomalies are reported to the bureau CSIRC or other designated security officials.
• Support the implementation and ongoing authorization of agency systems using NIST SP 800-137 Rev-2 (ISCM) guidance, supporting the Bureau’s transition from time-based ATOs to Ongoing Authorization.
• Maintain and support 100% of the agency’s system ATOs in an active and compliant status at all times.
• Ensure documentation detailing IT hardware and software configuration and all security countermeasures are developed and maintained.
• Utilize the Bureau’s Governance, Risk and Compliance (GRC) solution for development and maintenance of all required SA&A documentation.
• Analyze reports from security and privacy monitoring tools including vulnerability scanners, SIEM (Splunk/Elastic), Endpoint Detection and Response (EDR), CDM tools (BigFix, ForeScout, CyberArk), and coordinate corrective actions with IT team members.

Education & Certifications:

• Bachelor’s degree in Computer Science, Information Technology, or a related discipline from an accredited institution.
• One or more of the following certifications:
• • CISSP – Certified Information Systems Security Professional (required per contract)
  • CASP+ – CompTIA Advanced Security Practitioner
  • GDSA – GIAC Defensible Security Architect
  • Other equivalent certifications covering similar information security domains, depth of knowledge, or experience will be considered

Minimum Experience:

• 7 to 10 years of experience as an Information Systems Security Officer or Manager in a federal or federal contractor environment.
• Solid, hands-on understanding of NIST RMF (SP 800-37 Rev 2), NIST SP 800-53 Rev 5, NIST SP 800-53A, NIST SP 800-137 Rev 2, and FISMA requirements.
• Experience developing and maintaining complete SA&A packages including SSPs, POA&Ms, SARs, BIAs, CPs, and CPTs.
• Experience with Governance, Risk, and Compliance (GRC) platforms, preferably ServiceNow GRC.
• Experience interpreting security and privacy findings from assessments, audits, vulnerability scans, and continuous monitoring tools.
• Understanding of cloud security architecture across AWS, Azure, and/or Oracle Cloud environments.
• Familiarity with SCADA and Industrial Control Systems (ICS) security is highly desirable.
• Ability to obtain and maintain the required security clearance and pass suitability screening.