Information Systems Security Officer

About The Position

Requirements

• Minimum of 3 years of experience in a similar ISSO or cybersecurity role.
• Proficiency in using security tools and technologies, such as VLANs, SIEMs, Static Application Security Testing (SAST) tools, network monitoring tools, and endpoint protection platforms (EPP).
• In-depth knowledge of network security, application security, and endpoint security principles.
• Strong understanding of operating systems (Windows, Linux, etc.) and their security configurations.
• Hands-on experience with ElkStack or other similar SIEM applications for security monitoring and log analysis.
• Experience with security compliance and regulatory requirements, including NIST USAF, and DoD regulations.
• Strong analytical and problem-solving abilities, with the capability to analyze complex security issues and develop practical solutions.
• Excellent written and verbal communication skills, with the ability to effectively communicate technical information to both technical and non-technical stakeholders.
• Ability to work independently and collaboratively in small team environments.
• Must possess a Secret clearance.
• Must hold a minimum Cybersecurity certification, such as Security+ or an applicable DoD 8140 certification (e.g., GSEC, CISM, CGRC, CISSP).

Nice To Haves

• Experience with eMASS.
• Experience with on-premise cloud instantiations.
• Experience with Microsoft Azure or Amazon Web Service configurations.
• Experience supporting Cross Domain Solutions
• High attention to detail.
• Associates degree and 2 additional years of relevant experience
• Bachelors degree (Preferred)

Responsibilities

• Assist Information System Security Managers (ISSMs) in the development, implementation, and enforcement of security policies, standards, and procedures to ensure the protection of information systems and data.
• Ensure that all information systems are configured securely according to DoD & organizational policies, industry's best practices, and security baselines.
• Conduct risk assessments to identify potential security threats and vulnerabilities.
• Develop and implement mitigation strategies to reduce risk and ensure business continuity.
• Assess the impact of changes in the IT environment and update the risk management framework accordingly.
• Ensure that information systems comply with relevant government and industry standards, such as NIST, and DoD regulations.
• Demonstrate familiarity with RMF processes for assessments and authorization efforts to prepare and maintain documentation for ATO compliance activities.
• Implement and manage continuous monitoring processes to maintain compliance with ATO requirements.
• Utilize Security Information and Event Management (SIEM) tools (e.g. Greylog, ElkStack, Splunk) to monitor system activities, analyze logs, and identify & report suspicious behavior & anomalous findings.
• Conduct regular security audits and assessments to evaluate the effectiveness of security measures and identify areas for improvement.
• Develop and implement remediation plans to address identified vulnerabilities.
• Work closely with other IT and security professionals, including system administrators, network engineers, and security analysts, to ensure a coordinated approach to cybersecurity.
• Liaise with external stakeholders & partnering agencies as needed.
• Maintain comprehensive documentation of security policies, procedures, system configurations, and security incidents.
• Prepare reports for management on security status, compliance efforts, and incident response activities.
• Research, evaluate, and recommend security enhancements to improve the overall security posture of the organization.
• Stay updated with the latest security trends, technologies, and threats.