Information System Security Officer (ISSO) II

RedTrace Technologies Inc
Offutt AFB, NE
Onsite

About The Position

The ISSO will be responsible for establishing and continuously maintaining the ATO for Offutt DRSN and related subsystems, as well as the Offutt DRSN accreditation associated with segments of multiple NC3 systems that connect to Offutt DRSN, such as Presidential and National Voice Conferencing (PNVC), various gateways, and long local communications circuits. This work is performed in accordance with RMF guidelines: NIST 800-53, Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations; Committee on National Security Systems Instruction No. 1253 (CNSSI 1253, Rev 4), Security Categorization and Control Selection for National Security Systems; DODI 8510.01, Risk Management Framework for DoD Systems; and DISAI 270-50-9, Life Cycle Sustainment Planning, among other risk management framework directives. The ISSO will carry out the following duties and responsibilities:

Requirements

  • Current U.S. Government Top Secret Clearance w/ SCI eligibility
  • Must be a U.S. Citizen
  • Minimum of 4 years' experience
  • Associate's degree in Information Technology or Cybersecurity from an accredited college or university.
  • Strong knowledge of RMF.
  • DoD 8570/8140 (IAT II/IAM II or higher, e.g., CISSP, CAP, SecurityX)

Responsibilities

  • Provide cybersecurity support services, as ISSO, for the 55 SCS DRSN program.
  • Provide assessments on the severity of weaknesses or deficiencies discovered in the local DRSN operations environment and recommend corrective actions to address vulnerabilities.
  • Use the RMF process to identify, analyze, and oversee risk in order to maintain an active Offutt AFB DRSN ATO.
  • Process, store, maintain, update, and validate RMF documentation in a classified network environment for all DRSN-related programs.
  • Assist in the configuration management process to maintain, update, and audit the DRSN network using methods and tools in accordance with DoW, Air Force (AF), and local policies.
  • Utilize ACAS, or other DRSN DAO-approved scanning software, to accomplish audit controls.
  • Complete monthly audit file backups of DRSN Administration Terminals.
  • Establish appropriate Response Plans to the results of audit analyses for network security, as well as procedures for notification of associated entities, to include updating Response Plans annually.
  • Participate in DRSN-related requirements discussions with stakeholders and devise cybersecurity solutions.
  • Complete updates to the DRSN RMF packages in XACTA IA Manager during all steps of the RMF process.
  • Develop, as necessary, DRSN Body of Evidence documents, including Security Plans, Security Assessment Reports (SAR), Plan of Actions and Milestones (POAM), risk assessment reports, network diagrams, rack elevations, equipment inventories, software lists, and security controls traceability matrices.
  • Develop, implement, assess, manage, and monitor DRSN security controls and RMF family policies.
  • Update POAMs as required by the AFGSC and 16th Air Force (16 AF) Assessment and Authorization (A&A) Teams.
  • Coordinate with the DRSN ISSM to implement changes within XACTA.
  • Interface with ORSMO, USSTRATCOM, DISA, Air Combat Command (ACC), DAO, DTRA, NEC, DRSN long local circuit site representatives, U.S. Allies, and other stakeholders during the RMF package A&A process.
  • Ensure monthly audit file backups of all secure and non-secure DSS-2A switches, Enhanced Command Consoles (ECC), Admin Terminals, and Maintenance Tool Kits (MTK) are accomplished, as appropriate, and document who has access to the equipment. Additionally, any equipment not requiring authentication, or waivers, shall be documented.
  • Document remote access capabilities and personnel with permissions such as DISA, Operations and Maintenance (O&M), and IA.
  • Ensure physical security, personnel security, incident handling, training validation, and other security awareness requirements have been satisfied by all DRSN users for continued network access.
  • Schedule and complete quarterly destruction of media in accordance with USSTRATCOM and Offutt AFB policies.
  • Sanitize, remove drives, and remove memory, as applicable, from hardware and ensure destruction is accomplished according to established Government and local security procedures.
  • Work with DRSN O&M contractors and ORSMO in developing and maintaining contractor Standard Operating Procedures required for ongoing RMF Accreditation Program.
  • Assist in configuration management process reviews to establish procedures for ensuring contractor work instructions are continually updated and audited.
  • Communicate with internal and client project team members, and work to influence teams regarding solution designs, processes, and approaches.
  • Serve as the principal advisor in ensuring appropriate operational security posture for organizational mission and business systems.
  • Manage and document A&A projects using XACTA IA Manager A&A workflow platform.
  • Advise, conduct, and document risk assessments, develop System Security Plans (SSP), and create POAMs and security policies and procedures.
  • Advise and guide customers in the implementation of security controls, doctrine, and policies.
  • Participate in system discovery meetings to categorize systems for ATO purposes, as well as promote DRSN policy and process creation.
  • Obtain, manage, and file SCIF and TEMPEST accreditation documents as part of the DRSN RMF Accreditation Program.
  • Implement cybersecurity standards and procedures to identify, report and resolve security violations.
  • Additional duties as required by the Contract

Benefits

  • Competitive salary for well-qualified applicants
  • 401(k) plan
  • Annual performance bonus
  • Certification and advanced degree attainment bonuses
  • Student Loan / Tuition reimbursement
  • Health Care Insurance (medical, dental, vision)
  • Up to four weeks of paid vacation
  • 11 Federal Holidays, and 3 Floating Holidays
  • Team bonding events