DDC Innovation & Growth is seeking a part-time Information System Security Officer (ISSO) to support the United States Court of Appeals for the Armed Forces (USCAAF) in Washington, DC. This position requires on-site support and offers an opportunity to lead cybersecurity and risk management efforts in alignment with Department of Defense (DoD) and Federal regulations.

The ISSO will provide comprehensive cybersecurity oversight, ensuring the confidentiality, integrity, and availability of USCAAF’s information systems throughout their lifecycle.

*This position is contingent upon contract award.*

Cybersecurity & Risk Management Framework (RMF)

• Manage the full RMF lifecycle per DoDI 8510.01, including the use of Enterprise Mission Assurance Support Service (eMASS) for all A&A documentation.
• Prepare, submit, and maintain complete system authorization packages to achieve and maintain Approval to Operate (ATO) status.

Technology Vetting

• Develop and enforce a technology review process for all new software, hardware, and cloud services.
• Validate compliance with the DoD Approved Products List (APL) and assess potential cybersecurity risks prior to implementation.

Configuration & System Hardening

• Maintain and document the authorized hardware/software baselines.
• Participate in the Configuration Control Board (CCB) and ensure all changes are properly vetted, tested, and approved.
• Implement and maintain configurations per DISA STIGs and Security Requirements Guides (SRGs).

Continuous Monitoring & Vulnerability Management

• Conduct vulnerability scanning and compliance monitoring using tools such as ACAS.
• Perform hands-on remediation via patching, scripting, and configuration updates within established compliance timelines.
• Manage and track Plans of Action and Milestones (POA&Ms) throughout their lifecycle.

Risk Acceptance & Reporting

• Develop formal risk acceptance packages for vulnerabilities that cannot be remediated immediately, including justifications and compensating controls.
• Maintain continuous communication with government leadership regarding cybersecurity posture, risk, and compliance metrics.

Audit, Incident Response & Contingency Planning

• Maintain and review system audit logs per DoD requirements.
• Support cybersecurity incident response activities and coordinate with DoD Cyber Incident Response teams as required.
• Develop, maintain, and annually test the System Contingency Plan (NIST SP 800-34), documenting outcomes and lessons learned.

• Active DoD Secret clearance (or ability to obtain and maintain one).
• DoD 8570/8140 IAM Level II or III certification (e.g., CAP, CASP+, CISSP, CISM).
• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related discipline (or equivalent experience).
• 5+ years of cybersecurity or ISSO experience supporting DoD or Federal programs.
• Proven experience managing RMF processes and using eMASS for A&A documentation.
• Familiarity with DISA STIGs, NIST SP 800-series, DoDI 8510.01, and ACAS tools.
• Strong understanding of configuration management, vulnerability management, and incident response procedures.

Preferred Qualifications

• Experience supporting judicial or defense organizations.
• Strong written communication skills and ability to prepare formal cybersecurity documentation.

Position Details

• Location: On-site, Washington, DC
• Schedule: Part-time
• Clearance: Secret (Active or Interim acceptable)

Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that delivers IT, professional, and environmental solutions to advance the missions of federal, state, and tribal government agencies. As thought leaders and innovators, our team of specialists build client-centric solutions that solve critical challenges faced by defense, civilian, and healthcare organizations. Employing a mission-focused approach, we deliver value that not only enhances current operations, but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment, we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDC’s ability to unite legacy-inspired technologies, industry best practices, and proven methodologies has contributed to our success for twenty years.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.