Information Systems Security Officer (ISSO)

About The Position

Requirements

• 2-5 years’ experience in role
• Proficiency in using security tools and technologies, such as firewalls, intrusion detection/prevention systems, SIEM, and endpoint protection.
• Knowledge of network security, application security, and endpoint security principles.
• Understanding of operating systems (Windows, Linux, etc.) and their security configurations.
• Familiarity with cloud security best practices
• Familiarity with RMF process
• Experience with Spunk or other similar applications
• Experience with security compliance and regulatory requirements.
• Strong analytical and problem-solving abilities.
• Capability to analyze complex security issues and develop practical solutions.
• Excellent written and verbal communication skills.
• Ability to effectively communicate technical information to non-technical stakeholders.
• Bachelor’s degree in Computer Science, Information Technology, or related field
• COMPTIA Security + / CISSP
• TS/SCI clearance and CI Polygraph
• U.S. Citizenship is required for this position.

Nice To Haves

• DESIRED AWS certification (e.g., AWS Solutions Architect Associate or Professional)

Responsibilities

• Develop, implement, and enforce security policies, standards, and procedures to ensure the protection of information systems.
• Ensure that all information systems are configured securely according to organizational policies and best practices.
• Perform system patching in response to IAVAs and other security findings and requirements
• Conduct risk assessments to identify and mitigate potential security threats.
• Assess the impact of changes in the IT environment and update the risk management framework accordingly.
• Ensure that information systems comply with relevant government and industry standards, such as NIST, FISMA, and DoD regulations.
• Prepare and maintain documentation to demonstrate compliance.
• Implement continuous monitoring processes to detect and respond to security vulnerabilities and threats.
• Utilize tools like SIEM (Security Information and Event Management) to monitor system activities.
• Conduct regular security audits and assessments to evaluate the effectiveness of security measures and identify areas for improvement.
• Work closely with other IT and security professionals to ensure a coordinated approach to cybersecurity.
• Liaise with external stakeholders, such as auditors and regulatory bodies, as needed.
• Maintain comprehensive documentation of security policies, procedures, and measures taken to secure information systems.
• Prepare reports for management on security status and incidents.
• Recommend and implement security enhancements to improve the overall security posture of the organization.
• Stay updated with the latest security trends and technologies.