CSfC Information Systems Security Officer (ISSO) III - Ramstein, Germany

Job Description Summary

The Information Systems Security Officer (ISSO) III is responsible for ensuring the appropriate operational security posture is maintained for assigned Commercial Solutions for Classified (CSfC) information systems.

This role works in close coordination with the ISSM and system owners and is responsible for day-to-day security operations, with a strong emphasis on security monitoring, audit validation, SIEM engineering, and continuous monitoring activities.

The ISSO will provide technical expertise in log aggregation, telemetry validation, dashboard development, and audit analysis to ensure compliance with NIST 800-53, DoWI 8510.01, and CSfC Capability Package requirements.

This position requires hands-on experience with enterprise SIEM platforms such as Elastic (ELK stack), Splunk, or equivalent technologies.

Performance Shall IncludeOperational Security & Continuous Monitoring

• Assist the ISSM in meeting assigned duties and responsibilities in accordance with DoWI 8510.01 and NIST RMF guidance.

• Conduct continuous monitoring activities for assigned authorization boundaries.

• Prepare, review, and update authorization documentation related to audit and monitoring controls.

• Conduct periodic reviews of information systems to ensure compliance with the security authorization package.

• Assess the security impact of system changes and provide recommendations to the ISSM prior to implementation.

• Execute the cybersecurity portion of system self-inspections and assessment activities.

SIEM, Audit & Telemetry Engineering (Primary Focus Area)

• Configure, manage, and optimize enterprise SIEM platforms including Elastic (ELK stack), Splunk, or equivalent.

• Design, build, and maintain dashboards that provide real-time visibility into:

  • Authentication and access events

  • Privileged user activity

  • Administrative changes

  • Boundary device and encryption component logs

  • System configuration modifications

  • Network security events

• Develop and tune correlation rules and alert thresholds to improve detection capability and reduce false positives.

• Ensure audit records are properly collected, forwarded, parsed, indexed, and retained in accordance with policy.

• Troubleshoot ingestion failures, log parsing issues, and telemetry gaps.

• Validate time synchronization and log integrity across system components.

• Provide telemetry artifacts and dashboard outputs to support internal and external audits.

• Ensure audit records are reviewed and documented, including identification of anomalies.

CSfC Security Support

• Support implementation and validation of CSfC Capability Package security requirements.

• Ensure appropriate logging and monitoring of encryption components, boundary devices, and supporting infrastructure.

• Coordinate with system and network administrators to ensure monitoring requirements are embedded in system deployments.

• Provide recommendations to enhance monitoring visibility and audit compliance within CSfC enclaves.

RMF & Vulnerability Management Support

• Support RMF lifecycle activities within eMASS.

• Maintain SSP sections related to monitoring and audit architecture.

• Review ACAS scan results and correlate findings with SIEM telemetry.

• Validate STIG implementation and audit configuration settings.

• Assist with development of assessment and authorization documentation and bodies of evidence.

Required Experience

• 7+ years of cybersecurity experience.

• 3+ years of hands-on experience supporting security monitoring, SIEM operations, or ISSO functions.

• Experience configuring and maintaining Elastic (ELK stack), Splunk, or equivalent enterprise SIEM platforms.

• Experience building and customizing security dashboards and telemetry views.

• Experience supporting DoW RMF and continuous monitoring activities.

• Experience reviewing STIGs and correlating vulnerability findings with audit logs.

• Working knowledge of NIST 800-53 Rev 5 controls, particularly AU and SI families.

• Experience with log ingestion pipelines (syslog, Winlogbeat, Filebeat, agents, or equivalent).

Preferred Experience

• Experience supporting CSfC systems.

• Experience establishing monitoring visibility in newly deployed environments.

• Experience tuning alerts and reducing false positives.

• Prior experience as a System Administrator or Network Administrator.

• Elastic or Splunk certification.

• Experience conducting technical audit reviews.

Education

Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Engineering, or related discipline.
Experience may be substituted for education in accordance with company policy.

Certifications

• DoD 8570 IAT Level II minimum (Security+ CE, CySA+, CCNA Security, etc.).

• IAM Level I or II preferred.

• Elastic, Splunk, GSEC, GCIA, or similar monitoring-focused certifications desired.

Clearance

• Active Secret or TS/SCI required.

• Must be eligible to obtain CI Polygraph if required.

GDIT IS YOUR PLACE:

● 401K with company match
● Comprehensive health and wellness packages
● Internal mobility team dedicated to helping you own your career
● Professional growth opportunities including paid education and certifications
● Cutting-edge technology you can learn from
● Rest and recharge with paid vacation and holidays

#DefenseOCONUS

OWN YOUR OPPORTUNITY
Explore a career in cyber at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your focus on defending and protecting what matters.