ISSO 2

About The Position

Requirements

• Fundamental understanding of common auditing techniques
• Understanding of RMF (NIST SP 800-53, JSIG, DAAPM, ICD 503), IR, Vulnerability Management, SCAP, STIG, and Security-Relevant Tools.
• Understands Information Technology basics.
• Awareness of network type designations (e.g. WAN, LAN) and associated infrastructure (e.g. Servers, switches, firewalls).
• Requires a bachelor's degree in Information Technology or a related field.
• Equivalent industry experience may be substituted.
• Possesses an IAM I/IAT II Certification, or greater.
• 3-5 years year relevant industry experience is required,
• Applicants selected for this position will be required to obtain and maintain a government security clearance. Secret clearance is required with the ability to obtain Top Secret clearance.

Nice To Haves

• Preferred experience with auditing systems using native language (PS/BASH), with tools and basic scripts / queries, and experience working with ISSMs to create and manage POA&Ms.

Responsibilities

• Assist the ISSM in meeting their duties and responsibilities. The ISSO shall assume ISSM responsibilities in the absence of the ISSM.
• Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security authorization package.
• Attend required technical and security training (e.g., operating system, networking, security management) relative to assigned duties.
• Ensure all users have the requisite security clearances, authorization, need-to-know, and are aware of their security responsibilities before granting access to the IS.
• Conduct periodic reviews of information systems to ensure compliance with the security authorization package.
• Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change.
• Formally notify the ISSM and AO/DAO when changes occur that might affect system authorization.
• Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly.
• Ensure all IS security-related documentation is current and accessible to properly authorized individuals.
• Conduct Audits and Continuous Monitoring (ConMon) activities using available technical and non-technical processes, reports Audit and ConMon findings, Execute incident response and attends and contributes to status meetings.
• Manage configuration baselines of both hardware and software
• Identify system architecture flaws using industry standard tools (e.g. STIG, SCAP, Nessus) that will be flowed to the ISSM for review.
• Mentors and coaches ISSO 1.
• Performs other duties as assigned.

Benefits

• Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities.