Job Closed

This listing is no longer active.

Community Memorial Healthcare

Dedicated to healing, comforting, and promoting health in west Ventura County, CA.

Manager, Information Security Compliance

Security Engineer | Full Time | Remote | Lead | Team 1,001-5,000 | Since 1902 | H1B Sponsor

Location

California

Posted

50 days ago

Salary

0

Seniority

Lead

Bachelor Degree | 7 yrs exp | Experience accepted | English

Job Description

  • Supervising the Governance, Risk & Compliance (GRC) and Identity & Access Management (IAM) functions.
  • Managing technical teams ensuring compliance of the GRC and IAM areas to ensure secure, efficient operations.

Job Requirements

  • Minimum: Bachelor’s degree in computer science or related field; or 8 years equivalent experience.
  • Minimum: One of the following: Certified Information Security Auditor (CISA), Certified Information Security Manager, Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC).
  • Minimum: Working knowledge of HIPAA, Meaningful Use and PCI.
  • Minimum: 5 years of IT Audit, Risk Management or Security experience and 2 years of IT Management.

More Security Engineer Jobs

Information Systems Security Officer (REMOTE)

Koniag Government Services, LLC

Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies.

Full Time | Remote | Team 1,001-5,000

Arlluk Technology Solutions, LLC a Koniag Government Services company, is seeking an Information Systems Security Officer (ISSO) with a Secret security clearance to support ATS and our government customer. The position is remote. We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.

Koniag Government Services is seeking an experienced Information Systems Security Officer (ISSO) to support and maintain the security posture of critical Department of War (DOW) information systems. The ideal candidate will be a detail-oriented professional with extensive expertise in the DOD Risk Management Framework (RMF), DISA regulations, and STIG compliance. This role involves working closely with government stakeholders to manage vulnerabilities via ACAS and HBSS, maintain Authority to Operate (ATO) accreditations, and develop comprehensive security documentation. The successful candidate will possess strong analytical skills and the ability to ensure continuous cybersecurity compliance within a fast-paced, mission-critical environment. The Information Systems Security Officer will be responsible for maintaining the security posture of multiple DOW information systems and ensuring compliance with all applicable cybersecurity frameworks and regulations.

Principal responsibilities will include but are not limited to:

  • Develop and maintain System Administration Documentation that maps interdependencies and critical paths for successful system refreshes, working closely with government stakeholders to identify agency interdependencies
  • Create and update Configuration and Architecture Diagrams in relation to critical paths and system interdependencies
  • Provide comprehensive RMF documentation to the ISSM in accordance with DOD accreditation processes
  • Verify compliance with STIG, DISA Chief Technology Office (CTO), and INFOCON guidelines and requirements
  • Validate security postures and update findings for assigned databases based on Assured Compliance Assessment Solution (ACAS) and Host Based Security System (HBSS) reports and logs
  • Adhere to CYBERCOM Information Assurance Vulnerability Alerts (IAVAs) by applying required patches and maintaining Plan of Action and Milestones (POA&M) documentation
  • Conduct STIG Checklist reviews and provide detailed reports of all findings in accordance with RMF frequency requirements
  • Generate monthly Cybersecurity Reports containing patch schedules for all servers, accreditation status, POA&M status, IAVA status, ACAS scan remediation status, and DISA CTO compliance status
  • Develop system and cybersecurity policies and plans to identify and respond to threats in compliance with DOW and DISA regulations
  • Audit access controls and permissions for CSS, COPS, and FABS systems in accordance with DOW and DISA compliance requirements
  • Provide incident response and recovery support as necessary
  • Support obtaining and maintaining Authority to Operate (ATO) accreditations for CSS and COPS/FABS systems
  • Maintain security posture for CSS, COPS/FABS, and EDMS systems
  • Support DISA ISSO/ISSM with security information to respond to taskers and emerging cybersecurity requirements
  • Support development and maintenance of Incident Response Plans (IRPs) and Continuity of Operations Plans (COOPs)
  • Interpret, plan for, prioritize, and implement actions necessary to maintain compliance with DOD and DISA cybersecurity requirements

Education and Experience:

  • Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field from an accredited college or university
  • 5+ years of experience as an ISSO supporting DOW information systems
  • Current DOD 8570.01-M IAT Level II or IAM Level II certification (CISSP, CISM, or CAP certification)
  • Experience working within the Risk Management Framework (RMF)

Clearance Requirement:

  • Active Secret security clearance

Required Skills and Competencies:

  • Comprehensive knowledge of DOD Risk Management Framework (RMF) and accreditation processes
  • Expertise in Security Technical Implementation Guides (STIGs) and STIG compliance verification
  • Proficiency with ACAS (Nessus) scanning tools and vulnerability management
  • Experience with Host Based Security System (HBSS) including ePO administration
  • Strong understanding of DISA CTO requirements and INFOCON procedures
  • Knowledge of CYBERCOM IAVAs and patch management processes
  • Ability to develop and maintain POA&Ms and track remediation efforts
  • Experience creating technical documentation including system architecture diagrams and security plans
  • Proficiency in conducting security assessments and audits
  • Knowledge of access control principles and implementation
  • Understanding of incident response procedures and recovery operations
  • Familiarity with ATO processes and requirements
  • Strong analytical and problem-solving abilities
  • Excellent written and verbal communication skills
  • Ability to work independently and as part of a team
  • Strong attention to detail and organizational skills
  • Ability to manage multiple priorities and meet strict deadlines

Our Equal Employment Opportunity Policy

The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment. The company is dedicated to seeking all qualified applicants.

If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.

As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.

Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352.

United States
$130K - $145K / year
Full Time | Remote | Team 10,001+ | Since 1891 | H1B Sponsor

  • Responsible for serving as a security expert within their respective cybersecurity specialty
  • Collaborates closely with Cybersecurity Engineers, business analysts, architects, vendor partners, and other teams within the IT organization
  • Enforces security controls for applications or service architectures
  • Maintains daily operations, assists with assigned project work, conducts design reviews
  • Analyzes user access needs, develops access roles and adds/changes/deletes user access accordingly
  • Assists in special projects, such as application go-lives, upgrades, enhancements

Ohio
Job Closed
Full Time | Remote | Team 1,001-5,000 | Since 2013 | H1B Sponsor

  • You will identify problems with ambiguous requirements (lack of clarity, inconsistencies, technical limitations) for your work, and communicate these issues early to help course-correct.
  • You will communicate technical decisions through design docs and tech talks, and mentor junior security responders via security guidance, design reviews and code reviews.
  • You will triage and respond to security events and alerts by understanding existing logs and correlating from multiple sources during an investigation.
  • Respond to new incidents as part of a distributed 24x7 operations and on-call schedule.
  • You will build automation to improve security incident response and alert triage.

Netherlands
Full Time | Remote | Team 501-1,000 | H1B No Sponsor

  • The Senior Application Security Consultant plays a strategic and hands‑on role in protecting PwC's global application ecosystem by embedding security throughout the Software Development Life Cycle (SDLC).
  • This professional operates beyond technical execution and advisory work, acting as a strategic security partner for application, cloud and platform teams—shaping architectural decisions, leading complex assessments and driving the continuous advancement of secure engineering practices.
  • The role is expected to work with a high level of autonomy, provide technical leadership, influence senior stakeholders, and contribute directly to the evolution of the global Application Security strategy, including standards, tools and organizational maturity.
  • Key responsibilities:
    • Act as a senior security consultant for development, cloud and platform teams, ensuring security by design
    • Lead security architecture assessments for complex, distributed and cloud‑native systems
    • Conduct secure design reviews, threat modeling and risk‑based decision making
    • Lead and execute Application Readiness Reviews (ARR) for critical applications and platforms
    • Define and promote global Application Security standards (NIS), including best practices and architectural patterns
    • Provide expert guidance on secure coding, vulnerability remediation and architectural risk trade‑offs
    • Perform advanced analysis of vulnerabilities reported by tools such as SAST, DAST, SCA, container scanners and cloud‑native security tooling
    • Partner with Risk Management and Business Information Security Officers to define mitigation and risk acceptance strategies
    • Influence engineering teams to adopt DevSecOps practices, security controls in CI/CD and automation
    • Contribute to the selection, evaluation and optimization of security tools and platforms
    • Mentor more junior professionals through technical reviews, coaching and feedback

Brazil