Type of Requisition:
RegularClearance Level Must Currently Possess:
SecretClearance Level Must Be Able to Obtain:
Top SecretPublic Trust/Other Required:
NoneJob Family:
Cyber and IT Risk ManagementJob Qualifications:
Skills:
Information System Security, Risk Management Framework, Security Information and Event Management (SIEM), Technical AuditingCertifications:
NoneExperience:
6 + years of related experienceUS Citizenship Required:
YesJob Description:
The Information Systems Security Officer (ISSO) III is responsible for ensuring the appropriate operational security posture is maintained for assigned Commercial Solutions for Classified (CSfC) information systems.
This role works in close coordination with the ISSM and system owners and is responsible for day-to-day security operations, with a strong emphasis on security monitoring, audit validation, SIEM engineering, and continuous monitoring activities.
The ISSO will provide technical expertise in log aggregation, telemetry validation, dashboard development, and audit analysis to ensure compliance with NIST 800-53, DoWI 8510.01, and CSfC Capability Package requirements.
This position requires hands-on experience with enterprise SIEM platforms such as Elastic (ELK stack), Splunk, or equivalent technologies.
Assist the ISSM in meeting assigned duties and responsibilities in accordance with DoWI 8510.01 and NIST RMF guidance.
Conduct continuous monitoring activities for assigned authorization boundaries.
Prepare, review, and update authorization documentation related to audit and monitoring controls.
Conduct periodic reviews of information systems to ensure compliance with the security authorization package.
Assess the security impact of system changes and provide recommendations to the ISSM prior to implementation.
Execute the cybersecurity portion of system self-inspections and assessment activities.
Configure, manage, and optimize enterprise SIEM platforms including Elastic (ELK stack), Splunk, or equivalent.
Design, build, and maintain dashboards that provide real-time visibility into:
Authentication and access events
Privileged user activity
Administrative changes
Boundary device and encryption component logs
System configuration modifications
Network security events
Develop and tune correlation rules and alert thresholds to improve detection capability and reduce false positives.
Ensure audit records are properly collected, forwarded, parsed, indexed, and retained in accordance with policy.
Troubleshoot ingestion failures, log parsing issues, and telemetry gaps.
Validate time synchronization and log integrity across system components.
Provide telemetry artifacts and dashboard outputs to support internal and external audits.
Ensure audit records are reviewed and documented, including identification of anomalies.
Support implementation and validation of CSfC Capability Package security requirements.
Ensure appropriate logging and monitoring of encryption components, boundary devices, and supporting infrastructure.
Coordinate with system and network administrators to ensure monitoring requirements are embedded in system deployments.
Provide recommendations to enhance monitoring visibility and audit compliance within CSfC enclaves.
Support RMF lifecycle activities within eMASS.
Maintain SSP sections related to monitoring and audit architecture.
Review ACAS scan results and correlate findings with SIEM telemetry.
Validate STIG implementation and audit configuration settings.
Assist with development of assessment and authorization documentation and bodies of evidence.
7+ years of cybersecurity experience.
3+ years of hands-on experience supporting security monitoring, SIEM operations, or ISSO functions.
Experience configuring and maintaining Elastic (ELK stack), Splunk, or equivalent enterprise SIEM platforms.
Experience building and customizing security dashboards and telemetry views.
Experience supporting DoW RMF and continuous monitoring activities.
Experience reviewing STIGs and correlating vulnerability findings with audit logs.
Working knowledge of NIST 800-53 Rev 5 controls, particularly AU and SI families.
Experience with log ingestion pipelines (syslog, Winlogbeat, Filebeat, agents, or equivalent).
Experience supporting CSfC systems.
Experience establishing monitoring visibility in newly deployed environments.
Experience tuning alerts and reducing false positives.
Prior experience as a System Administrator or Network Administrator.
Elastic or Splunk certification.
Experience conducting technical audit reviews.
Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Engineering, or related discipline.
Experience may be substituted for education in accordance with company policy.
DoD 8570 IAT Level II minimum (Security+ CE, CySA+, CCNA Security, etc.).
IAM Level I or II preferred.
Elastic, Splunk, GSEC, GCIA, or similar monitoring-focused certifications desired.
Active Secret or TS/SCI required.
Must be eligible to obtain CI Polygraph if required.
GDIT IS YOUR PLACE:
● 401K with company match
● Comprehensive health and wellness packages
● Internal mobility team dedicated to helping you own your career
● Professional growth opportunities including paid education and certifications
● Cutting-edge technology you can learn from
● Rest and recharge with paid vacation and holidays
#DefenseOCONUS
OWN YOUR OPPORTUNITY
Explore a career in cyber at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your focus on defending and protecting what matters.
Scheduled Weekly Hours:
40Travel Required:
Less than 10%Telecommuting Options:
OnsiteWork Location:
InternationalAdditional Work Locations:
Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.Join our Talent Community to stay up to date on our career opportunities and events atEqual Opportunity Employer / Individuals with Disabilities / Protected Veterans