Information System Security Officer (ISSO)

About The Position

Requirements

• Bachelor's Degree with 4+ years of experience or a Master's Degree with 2+ years of experience.
• US Citizen with at least a Secret clearance.
• Must hold current Security+ or higher certification to be considered; must be able to maintain.
• Experience in Cybersecurity, systems security or hardening, Information Technology.
• Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM), National Industrial Security Program Operating Manual (NISPOM).
• Experience working with and/or supporting computer technologies (such as; databases, operating systems, computer network hardware, software programs, hardware troubleshooting or electronics).
• Experience with security configurations across multiple operating systems in various environments, to include Windows, Linux, UNIX, utilizing Active Directory/Group Policy, Centrify, etc.
• Highly organized and self-motivated with excellent documentation skills and the ability to work with minimal supervision.

Nice To Haves

• TS/SCI Clearance.
• Experience in performing IT work with Windows or Linux systems.
• Experience within the IC community.
• Experience working in DoD classified operating environments.
• Experience with various information system security tools that address vulnerability analysis and mitigation.
• Familiarity with implementation of Government directives and policies derived from NIST, STIG, DoD, or other Government Regulatory compliance standards.
• Experience in the execution of the Assessment & Authorization processes, as defined within the Risk Managed Framework (RMF).
• Experience providing technical security consultation for complex, cross-domain, diverse classified networked environments.
• Familiarity with the execution and management of cyber incident response; preservation, containment, and eradication.

Responsibilities

• Assessing and monitoring system compliance, auditing, security plan development and delivering information systems security education and awareness.
• Investigating information system security violations and help prepare reports specifying corrective and preventative actions.
• Conducting technical and administrative assessments.
• Analyzing systems security risks, analyzing findings, and recommending corrective actions to enhance security.
• Integrating new cybersecurity processes, procedures, and tools.
• Support the creation, review and update of cybersecurity documentation and other technical writing.
• Managing the day-to-day compliance of our classified information systems.
• Auditing information systems to ensure compliance with security policies and procedures while reporting any discrepancies to the ISSM, ISO.
• Assisting in the Risk Management Framework (RMF) authorization process by developing and maintaining artifacts for the Body of Evidence (BoE).
• Reviewing and approving Configuration Management (CM) requests of all associated hardware, software, and security relevant functions.
• Assisting with sanitization and release of hardware in accordance with security policies or Authorizing Official (AO) guidance.
• Testing/evaluation and application of required technical security controls and periodic inspections of information systems.