Information Systems Security Officer (ISSO)

About The Position

Requirements

• B.S. in Engineering, Computer Science, Computer Engineering, Electrical Engineering, Mathematics, or related field.
• Experience conducting regular security assessments and audits on IT devices / Information Systems to identify vulnerabilities, security gaps, and non-compliance with security policies and standards, using both manual inspections and automated tools to scan for vulnerabilities.
• Experience participating in the Risk Governance process to provide security risks, mitigations, and input on other technical risk.
• Prepares and presents reports on the security posture to senior management and other stakeholders.
• Experience creating and maintaining detailed RMF Assess and Authorization (A&A) documentation, incident reports, findings from device / information system examinations, summaries, and other situational awareness information.
• Experience in supporting necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Experience with creating / managing plans of actions and milestones (POA&Ms) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Experience ACAS/Nessus vulnerability scans, review audit logs in Splunk to detect suspicious or unauthorized activity, and that all modules are functioning / detecting for HBSS/ TRELLIX.
• Experience staying abreast of the latest security threats, trends, and technologies.
• Ability to provide continuous evaluations and improve the security measures in place to address evolving security challenges.
• Familiar with all DoD Cybersecurity guidance, NIST Special Publications, and U.S. Army Information Technology / Cybersecurity Regulations.
• Must have a current and active U.S. Passport with ability to obtain a DoD SECRET clearance.

Nice To Haves

• Advanced degree(s) preferred.
• 8140/8570 DoD Certification; Foundation-Intermediate / Information Assurance Manager I-II (IAM I-II)
• Experience working with DoD / U.S. Army / Federal Government
• Experience with software/tools: ACAS / Nessus, Splunk, ePolicy Orchestrator - HBSS/TRELLIX, SCAP Compliance Checker (SCC), STIG Viewer, eMASS
• Experience as an ISSO

Responsibilities

• Conducts regular security assessments and audits on I.T. devices and information system assigned to identify vulnerabilities, security gaps, and non-compliance with security policies and standards.
• Performs risk analysis to evaluate the potential impact of identified vulnerabilities on the security and operations of training Devices.
• Determines the likelihood of a security breach and the potential consequences.
• Ensures that all DoD and U.S. Army security policies, procedures, and standards are properly implemented in all training devices.
• Prepares for and respond to security incidents involving training devices.
• Creates and maintains detailed RMF body of evidence, documentation of all security assessments, audits, incidents, and remediation efforts.
• Overseeing an information security training and awareness program.

Benefits

• Healthcare coverage
• Retirement plan
• Life insurance, AD&D, and disability benefits
• Wellness programs
• Paid time off, including holidays
• Learning and Development resources
• Employee assistance resources