Information System Security Officer (ISSO)

Astrion
Eglin Air Force Base, FL
Onsite

About The Position

Astrion has an exciting opportunity for an INFORMATION SYSTEM SECURITY OFFICER (ISSO) supporting the 96th Test Wing located at EGLIN AFB, FL. The primary purpose of this position is to serve as an Information Systems Security Officer (ISSO) overseeing the cybersecurity posture and compliance of critical mission systems. The ISSO is responsible for executing the Risk Management Framework (RMF) lifecycle, adhering to the DoD Joint SAP Implementation Guide (JSIG), and securing Authorities to Operate (ATOs) for Information Systems (IS). Responsibilities include developing, updating, and maintaining System Security Plans (SSPs), managing Plans of Action and Milestones (POA&Ms), and conducting continuous monitoring of classified and unclassified networks. Ensures systems comply with information security policies, Federal Information Security Management Act (FISMA), National Institute of Standards and Technology (NIST) controls, and applicable DoW/DoD regulations. Integrates security by design, advising software developers, system administrators, and project leaders on secure architecture, hardware/software compatibility, and vulnerability mitigation. The incumbent designs and reviews security audit routines, analyzes complex security incidents, and performs risk assessments on new technologies and system modifications. Works to achieve quality improvement in security processes and takes a proactive approach to customer assistance. Maintains an up-to-date awareness of emerging cyber threats and technologies to predict future security requirements.

Knowledge of Information Assurance (IA) and Cybersecurity principles, concepts, and methods sufficient to evaluate new and emerging IT security technologies and ensure their successful integration into the existing and anticipated infrastructure. Knowledge of the Risk Management Framework (RMF), DoD JSIG, NIST SP 800-53 security controls, and FISMA requirements to guide systems through the assessment and authorization (A&A) process and maintain continuous ATO status. Knowledge of IT systems architecture, operating systems, and network infrastructure to isolate vulnerabilities, interpret vulnerability scanner results (e.g., ACAS/Nessus, STIGs), and recommend technical mitigations that support organizational business processes without compromising security. Knowledge of system development life cycles (SDLC) and DevSecOps to ensure security controls are integrated early in the design phase and to evaluate the security impact of proposed modifications or new applications. Ability to gather facts and use analytical methods to assess complex cybersecurity requirements, develop and manage System Security Plans (SSPs) and POA&Ms, and solve intricate security and compliance problems. Ability to maintain an up-to-date awareness of technological advances and cyber threat intelligence to predict how management can securely meet future operational requirements. Ability to communicate orally and in writing to brief senior leadership on cyber risks, draft comprehensive security documentation, and provide training to functional users. Ability to modify and adapt precedent security solutions to unique, specialized, or Special Access Program (SAP) requirements. Skill in applying agency cybersecurity policies, incident response procedures, and audit management standards.

Requirements

  • Active SECRET clearance. Must be eligible for a TOP SECRET clearance.
  • Must be a U.S. citizen.
  • 3 to 10 years of relevant experience.
  • Bachelor’s or Master’s degree in the applicable discipline.
  • CompTIA Security+ certification is required.
  • Knowledge of Information Assurance (IA) and Cybersecurity principles, concepts, and methods.
  • Knowledge of the Risk Management Framework (RMF), DoD JSIG, NIST SP 800-53 security controls, and FISMA requirements.
  • Knowledge of IT systems architecture, operating systems, and network infrastructure.
  • Knowledge of system development life cycles (SDLC) and DevSecOps.
  • Ability to gather facts and use analytical methods to assess complex cybersecurity requirements.
  • Ability to maintain an up-to-date awareness of technological advances and cyber threat intelligence.
  • Ability to communicate orally and in writing to brief senior leadership on cyber risks, draft comprehensive security documentation, and provide training to functional users.
  • Ability to modify and adapt precedent security solutions to unique, specialized, or Special Access Program (SAP) requirements.
  • Skill in applying agency cybersecurity policies, incident response procedures, and audit management standards.

Nice To Haves

  • 6 years work experience may be substituted for a Bachelor's Degree; OR Associate’s degree plus 4 years work experience may be substituted for a Bachelor's Degree; OR Bachelor's Degree plus 8 years work experience may be substituted for a Master's Degree; OR 12 years work experience may be substituted for a Master's Degree.
  • Technical audits and enforcement of information systems security procedures.
  • Experience working with government regulations, such as NISPOM, JAFAN, JSIG, DIACAP and Risk Management Framework.
  • Experience supporting various system configurations (Stand Alone, Local Area Networks, and Wide Area Networks).
  • Self-motivated, with good written, verbal, listening and presentation skills.
  • Previous experience working in a classified information systems environment.
  • Familiarity with test equipment and sanitization procedures.
  • Other certification may be required based on constantly changing requirements.

Responsibilities

  • Serve as an Information Systems Security Officer (ISSO) overseeing the cybersecurity posture and compliance of critical mission systems.
  • Execute the Risk Management Framework (RMF) lifecycle.
  • Adhere to the DoD Joint SAP Implementation Guide (JSIG).
  • Secure Authorities to Operate (ATOs) for Information Systems (IS).
  • Develop, update, and maintain System Security Plans (SSPs).
  • Manage Plans of Action and Milestones (POA&Ms).
  • Conduct continuous monitoring of classified and unclassified networks.
  • Ensure systems comply with information security policies, Federal Information Security Management Act (FISMA), National Institute of Standards and Technology (NIST) controls, and applicable DoW/DoD regulations.
  • Integrate security by design, advising software developers, system administrators, and project leaders on secure architecture, hardware/software compatibility, and vulnerability mitigation.
  • Design and review security audit routines.
  • Analyze complex security incidents.
  • Perform risk assessments on new technologies and system modifications.
  • Achieve quality improvement in security processes.
  • Take a proactive approach to customer assistance.
  • Maintain an up-to-date awareness of emerging cyber threats and technologies to predict future security requirements.
  • Evaluate new and emerging IT security technologies and ensure their successful integration into the existing and anticipated infrastructure.
  • Guide systems through the assessment and authorization (A&A) process and maintain continuous ATO status.
  • Isolate vulnerabilities, interpret vulnerability scanner results (e.g., ACAS/Nessus, STIGs), and recommend technical mitigations.
  • Ensure security controls are integrated early in the design phase and evaluate the security impact of proposed modifications or new applications.
  • Gather facts and use analytical methods to assess complex cybersecurity requirements.
  • Develop and manage System Security Plans (SSPs) and POA&Ms.
  • Solve intricate security and compliance problems.
  • Brief senior leadership on cyber risks.
  • Draft comprehensive security documentation.
  • Provide training to functional users.
  • Modify and adapt precedent security solutions to unique, specialized, or Special Access Program (SAP) requirements.
  • Apply agency cybersecurity policies, incident response procedures, and audit management standards.