Information System Security Officer (ISSO)

About The Position

Requirements

• Minimum of 6+ years of experience demonstrating the required proficiency as an Information Security Officer
• Bachelor’s degree and/or equivalency
• Active Secret Security Clearance required
• Must possess an IAT III certification
• Must be a U.S. Citizen
• Excellent verbal and written communications skills
• Knowledge of databases, spreadsheets and report writing
• Ability to adapt to a consistently changing environment.
• Experience with various tools such as: SPLUNK, PowerShell, ACAS, NESSUS, Siphon, and other tools used within the DoD and MHS environment.
• Knowledge of APL list, eMASS, CSTARS, and other DoD sites for cybersecurity system management.
• Strong knowledge of technical domain data requirements, system architecture, sensor/data sources.
• Experience with applying STIGS
• Strong knowledge of DoD and applicable service or agency security policies, manuals, and standards.
• Knowledge of processes in controlling, labeling, virus scanning, auditing tools, and secure data transfer between information systems.

Nice To Haves

• You have prior experience supporting a DoD environment.

Responsibilities

• Participate in various aspects in developing and writing certification and accreditation (C&A) documentation packages included in the process of helping an organization/agency obtain an Authority to Operate (ATO) on its systems and/or environment.
• Follow National Institute of Standards and Technology (NIST) and/or Department of Defense IA Certification and Accreditation Process standards in performance of job functions.
• Manage or take part in the MTF Information Assurance Vulnerability Management (IAVM) program, which requires disseminating, coordinating, validating, reviewing, guiding, data entry, training, and monitoring compliance data provided or available to/from DoD and MHS.
• Use DoD and MHS approved vulnerability assessment and mitigation tools to identify vulnerabilities, apply mitigation, and to identify potential areas of weaknesses in the IA programs.
• Identify security problems and requirements through studies, analysis, and research.
• Responsible for disseminating information, policies, procedures, and/or guidance to superior and subordinate units and for the management of tasks and requirements for MTF.
• Respond to reported security breaches, violations of rules, regulations, policies, procedures, and codes of conduct and takes appropriate action to minimize harm, investigate, evaluate, track, and report incidents.
• Manage the security of the information system that is slated for Certification & Accreditation (C&A).
• Support the information system owner/information owner for the completion of security-related responsibilities.
• Advise system changes and impact.
• Provide view on the continuous monitoring of the information system.
• Assess security events to determine impact, develop and execute corrective action plans, and make recommendations to management for corrective long-term preventive solutions to avoid recurrence.
• Monitor and audits installed software and hardware tools for signs of suspicious activity leading to potential security events.
• Responsible for the implementation, maintenance, and proliferation of new technologies meant to enhance the overall network security posture.
• Develop and implements technical programs to ensure that users adhere to systems security policies and procedures.
• Ensure access to computer applications, operating systems, and other stored programs and data is limited to those personnel authorized for such access.
• Review and design systems software routines to facilitate security processes.
• Works with other Information Technology (IT) Specialists and participates in operational teams.
• Assign work to team members, tracks work completion, and assesses effectiveness and efficiency of work performed.
• Assist with customer ticketing system assignments and meets SLA
• Elevate difficult assignments to senior IA managers as needed.
• May be required to respond to support nights or weekends to fulfill department related duties or be required to be placed on an on-call schedule for duties as directed/needed by command, directorate, or department.