Employer typically looks for experience with Risk Management Framework (RMF), vulnerability management, ATO implementation, and COMSEC. Knowledge of NIST SP 800-53 and FIPS 199 / 200 is helpful. For an ISSO or Information Security Analyst role, understanding of policy and documentation may be more pronounced than straight technical expertise.
