Cybersecurity – Associate Information System Security Officer (ISSO)

About The Position

Requirements

• Successfully completed Tier 5 Investigation (T5), formerly known as a Single Scope Background Investigation (SSBI) by the federal government within the last 5 years, or requires candidate to have been enrolled in a Continuous Vetting program within the last 5 years
• IAM Level 1 DoD 8140.03 (previously 8570.01) compliant certification (i.e. , Security+ CE, CAP, CISSP, CASP, CISM, GSLC)
• 1+ years of combined experience and/or education in cybersecurity, IT, or a related field
• Willing and able to travel domestically 10% of the time
• Must meet U.S. export control compliance requirements. To meet U.S. export control compliance requirements, a “U.S. Person” as defined by 22 C.F.R. §120.62 is required. “U.S. Person” includes U.S. Citizen, U.S. National, lawful permanent resident, refugee, or asylee.
• Requires an active U.S. Top Secret/SCI Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active)

Nice To Haves

• Experience with the Risk Management Framework (RMF), cybersecurity policies, and RMF implementation (e.g., DAAG, CNSSI 1253, ICD-503, JSIG, or NIST SP 800 series)
• Experience as an information system security officer (ISSO) or information system security manager (ISSM) supporting classified programs
• Experience utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include NESSUS, ACAS, DISA STIGs, SCAP, Audit Reduction, and HBSS
• Experience assessing and documenting test or analysis data to show cyber security compliance

Responsibilities

• Performs security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards
• Assists with implementation of the Assessment and Authorization (A&A) processes under the Risk Management Framework (RMF) for new and existing information systems
• Assists with development of Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), Risk Acknowledgement Letters (RAL) and support Continuous Monitoring (CONMON)
• Assists with configuration management of assigned systems; auditing systems to ensure security posture integrity
• Works with staff to complete assessments and test/analysis data to document state of compliance with security requirements
• Conducts risk assessments and investigations, execute appropriate risk mitigations, and oversee incident response activities
• Conducts periodic hardware/software inventory assessments
• Interfaces with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with cybersecurity requirements
• Monitors the development and deployment of program information security for all program systems to meet the program and enterprise requirements, policies, standards, guidelines and procedures
• Performs security compliance continuous monitoring
• Participates in security assessments and audits
• Prepares, reviews, and presents technical reports and briefings
• Identifies root causes, prioritizes threats and recommends and/or implements corrective action
• Explores the enterprise and industry for evolving state of industry knowledge and methods regarding information security best practices

Benefits

• health insurance
• flexible spending accounts
• health savings accounts
• retirement savings plans
• life and disability insurance programs
• paid time away from work
• unpaid time away from work