IT Security Specialist - ISSO - Information Systems Security Officer

About The Position

Requirements

• Bachelor's Degree and 6 years work experience or equivalent experience
• Experience in Information Security
• Experience in vulnerability/risk analysis
• Experience in security policy, risk management, and system security
• Experience in reports such as System Security Plans (SSPs), Risk Assessments Reports, Certification and Accreditation (C&A) packages, and/or System Requirements Traceability Matrix (SR TM)
• Experience in security information and event management (SIEM) systems
• Strong understanding of operating systems (Windows, Linux, etc.)
• Familiarity with network protocols and architectures
• Ability to work in a fast-paced environment and prioritize multiple tasks
• Excellent communication and interpersonal skills
• Strong analytical and problem-solving skills
• Ability to obtain and retain a security clearance
• U.S. Citizen

Nice To Haves

• Degree in Computer Science, Information Assurance, or a related field
• Certifications: CompTIA Security+ or CISSP or CISM
• Experience with Department of War classified systems such as SIPRNet.
• Experience with NIST Cybersecurity Framework and other security frameworks
• Proficient in Python, PowerShell, or other scripting languages

Responsibilities

• System Security Oversight: Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures outlined in the security plan.
• Program Implementation: Verify the implementation of delegated aspects of the system security program.
• Account Management: Ensure proper account management documentation is completed prior to adding and deleting system accounts.
• Documentation Management: Verify all system security documentation is current and accessible to properly authorized individuals.
• Risk Assessment and Mitigation: Conduct periodic assessments of authorized systems, identify vulnerabilities, and provide corrective actions to the Information System Security Manager - ISSM.
• Audit and Compliance: Ensure audit records are collected and analyzed in accordance with the security plan.
• Incident Response: Report all security-related incidents to the ISSM.
• System Recovery: Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly.
• Change Management: Formally notify the ISSM of any changes to a system that could affect authorization.
• Configuration Control: Serve as a member of the Configuration Control Board (CCB), if designated by the ISSM.
• Security Policy and Compliance
• Conduct regular reviews and updates of security policies to ensure they remain relevant and effective.
• Collaborate with stakeholders to ensure that security policies are aligned with organizational goals and objectives.
• Provide guidance and training to employees on security policies and procedures.
• Risk Management
• Identify, assess, and mitigate potential security risks to the organization's information systems and data.
• Conduct risk assessments and threat modeling to identify potential vulnerabilities and threats.
• Develop and implement risk mitigation plans to address identified risks.
• Monitor and review risk mitigation plans to ensure they are effective.
• System Security
• Ensure the security and integrity of information systems, including networks, servers, workstations, and applications.
• Conduct regular security assessments and vulnerability scans to identify potential vulnerabilities.
• Implement security controls, such as firewalls, intrusion detection systems, and access controls.
• Collaborate with IT teams to ensure that security is integrated into the system development lifecycle.
• Incident Response
• Develop and implement incident response plans to respond to security incidents, including data breaches and system compromises.
• Identify and classify security incidents and activate incident response plans as needed.
• Collaborate with incident response teams to contain and mitigate incidents.
• Conduct post-incident reviews to identify lessons learned and areas for improvement.
• Vulnerability Management
• Execute the continuous monitoring strategy.
• Identify and remediate vulnerabilities in information systems and applications.
• Conduct regular vulnerability scans and penetration testing to identify potential vulnerabilities.
• Develop and implement vulnerability remediation plans to address identified vulnerabilities.
• Collaborate with IT teams to ensure that vulnerabilities are remediated in a timely and effective manner.
• Security Awareness and Training
• Develop and implement security awareness and training programs for employees and contractors.
• Provide regular security training and awareness programs to educate employees on security best practices.
• Collaborate with HR and training teams to ensure that security training is integrated into employee onboarding and ongoing training programs.
• Audit and Compliance
• Ensure user activity monitoring data is analyzed, stored, and protected in accordance with policies and procedures.
• Coordinate with internal and external auditors to ensure compliance with security policies, procedures, and regulatory requirements.
• Conduct regular security audits and assessments to identify potential security risks and vulnerabilities.
• Develop and implement audit and compliance plans to address identified risks and vulnerabilities.
• Technical Security
• Provide technical security expertise, including threat analysis, vulnerability assessment, and penetration testing.
• Collaborate with IT teams to ensure that security is integrated into the system development lifecycle.
• Conduct regular security testing and vulnerability assessments to identify potential security risks and vulnerabilities.
• Communication and Collaboration
• Communicate security risks and vulnerabilities to stakeholders, including senior management and employees.
• Collaborate with IT teams, stakeholders, and external partners to ensure that security is integrated into organizational initiatives.
• Develop and maintain relationships with external security partners and vendors.
• Continuous Improvement
• Complete required training identified in the ISSM Required Training Table within 6 months of appointment.
• Continuously monitor and review security policies, procedures, and controls to ensure they remain effective.
• Identify areas for improvement and develop plans to address them.
• Collaborate with stakeholders to ensure that security is integrated into organizational initiatives and that security risks are managed effectively.

Benefits

• health, dental, and vision insurance
• health savings accounts
• a 401(k) savings plan
• disability coverage
• life and accident insurance
• employee assistance program
• a legal plan
• discounts on things like home, auto, and pet insurance
• paid time off
• paid holidays
• paid parental, military, bereavement, and any applicable federal and state sick leave
• Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards
• Other incentives may be available based on position level and/or job specifics.