F-35 Information System Security Officer - Montgomery, AL (Mid-Career)

Lockheed Martin•Montgomery, AL

1d•Onsite

About The Position

This Information System Security Officer (ISSO) position will support the Information System Security Manager (ISSM) in developing, maintaining and overseeing the cybersecurity of assigned classified and/or unclassified F-35 systems at Dannelly Field ANGB, AL. The role involves ensuring required cybersecurity controls are implemented and validated, supporting the development and maintenance of cybersecurity related plans and procedures, monitoring for non-compliance and anomalous activity, and reporting such activity and associated risks. The ISSO will also ensure Plans of Action and Milestones (POA&Ms) are in place for identified vulnerabilities and oversee corrective actions. This includes creating, collecting, and retaining data for reporting requirements, monitoring and correlating data from various sources to identify and mitigate threats, and investigating, analyzing, and responding to cyber events and incidents. The position also requires enforcing requirements for handling and storing Government data, conducting self-inspections, and preparing for customer inspections. Assigned systems may vary in classification, capabilities, and complexity. Mission requirements may require work outside of standard first-shift hours.

Requirements

Final Transferable Secret security clearance; last Periodic Reinvestigation must be within the last five (5) years or enrollment in Continuous Vetting program.
Ability to obtain and maintain Special Access Program (SAP) access.
Possess a valid certification that meets or exceeds DoD 8570.01-M IAT II requirements.
Prior experience in a cyber workforce role, as categorized by the NICE or DoD workforce frameworks.
Prior experience as an ISSO, ISSM or related DoD Cyber Workforce Role on one or more F-35 information systems.
Prior experience ensuring compliance with applicable laws, regulations, guidance and policies as they relate to DoD cybersecurity and SAPs (e.g., DoDI 8510.01, JSIG, DoDM 5205.07, NIST SP 800 series).
Prior experience with the system authorization process, associated artifacts and their requirements (e.g., SSP, SCTM, Security CONOPs, SOPs).
Must be a US Citizen for consideration.

Nice To Haves

Meets: CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP
Exceeds: CASP+ CE, CCNP Security, CISA, CISSP (or Assc), GCED, GCIH, CCSP

Responsibilities

Ensuring required cybersecurity controls are implemented and validated, to include continuous monitoring actions for assigned systems.
Supporting the development and maintenance of cybersecurity related plans and procedures.
Monitoring for non-compliance, anomalous activity (i.e., threats), and effectively reporting such activity and associated risks.
Ensuring POA&Ms or remediation plans are in place for vulnerabilities identified during monitoring activity, audits, inspections, and implementing, or overseeing, corrective actions.
Creating, collecting and retaining data to meet reporting requirements.
Monitoring and correlating data (i.e., events) from a variety of sources (e.g., Splunk, ELA, ePO, ACAS, etc.) to identify and mitigate threats, vulnerabilities and non-compliance.
Investigating, analyzing and responding to cyber events, incidents and non-compliance, including trend analysis, creating detailed written reports and briefing the appropriate parties.
Identifying, implementing and enforcing requirements for the proper handling and storage of Government data and electronic media.
Conducting self-inspections and preparing for customer inspections.
Interacting professionally during the enforcement of security policy and procedures.