Information System Security Officer (ISSO)

Agile Defense•Ridgecrest, CA

About The Position

The Naval Air Warfare Center Weapons Division (NAWCWD) conducts research, development, acquisition, and test & evaluation of Naval air-to-air, air-to-ground and surface launched weapon systems; conducts weapons systems integration, and weapons, mission, and life-cycle cost analysis; and provides weapons and armament life-cycle services in support of the operating forces, Department of Defense (DoD), and the Missile Defense Agency (MDA). The Naval Air Systems Command (NAVAIR) and the NAWCWD, Digital Information Technology Analysis and Cyber (DITAC) Department Cyber Security Support Services (CSSS) primary purpose is to sustain the analysis, design, development, test, integration, deployment and operations of Information Technology (IT) systems and services including but not limited to the required certification and accreditation services, configuration management, technical information assurance, network monitoring, defense and security, and support for the Cyber Security workforce.

Requirements

IAM III certification (CCISO, CISM, CISSP, GSLC, Sec+)
BS - Computer Science or other technical field with 10 yrs work experience OR AS with 15 yrs work experience. (Computer Science, Information Systems Security, Computer Engineering, Computer Programming, Computer and Information Science)

Responsibilities

Planning, implementing, upgrading, or monitoring security measures for the protection of computer networks and information.
Possess a strong understanding of the RMF process, as well as a eMASS, eMASSter, STIG Viewer, SCAP Compliance Checker (SCC), VRAM, and Visio applications.
Execute all RMF process steps following the guidelines outlined in Navy and NAVAIR directives.
Managing packages in eMass.
Reviewing Nessus scans.
Actively manage ATO (Authority to Operate) packages.
Maintaining hardware/software lists.
Ensure the Reviewing and verifying STIGs are complete.
Collaborate with System Administrators, Network Operations, etc. to address system vulnerabilities, track progress and ensure security measures are implemented effectively.
Conduct security control assessments and validations of a system's technical and non-technical security features to mitigate known threats and vulnerabilities effectively. These assessments should comprehensively identify and assess impacts while also taking into account existing risk mitigation strategies.
Ensure the completion of all necessary RMF products and reporting in accordance with policy and in collaboration with the Security Control Assessor.
Assist in updating any documentation related to risk assessments (such as Risk Assessment Reports, Plan of Actions & Milestones (POA&M), etc.) based on the results of assessments.
Conduct the necessary vulnerability analysis to facilitate the mitigation and determination of residual risk as required.
Provide support for the continuous monitoring program as needed, especially when System Level Continuous Monitoring results are essential to meet ongoing authorization requirements.
Assist in contingency planning, testing, and execution as necessary.
Support the incident response process and actively participate in meetings with the program team, offering updates on project status.