Systems Security Officer

About The Position

Requirements

• At least 10 years of experience in Information Security or Cybersecurity.
• Proven track record of leadership responsibilities.
• Strong foundation in security engineering and integration support involving a wide range of security issues such as architectures, data flows, and access control.
• Experience with MS Office, including Word, PowerPoint, Project, and Excel.
• Knowledge of National Institute of Standards and Technology (NIST) Special Publications and Federal Information Processing Standard (FIPS) standards.
• Ability to multi-task, handle a high-paced work environment, and adapt to changing priorities.
• Excellent customer service skills.
• Excellent writing, oral communication, and organizational skills.
• Ability to perform detailed work with little guidance and to interact in a positive manner with other government and industry personnel.
• Applicants must possess or meet eligibility requirements for passing a background investigation for Public Trust/ FAA Suitability.

Nice To Haves

• Certified Information Systems Security Professional (CISSP) highly desired.
• Understanding of the FAA National Airspace System (NAS) as a system of systems, including its domains, its enterprise services, and its overall operational concepts is a plus.

Responsibilities

• Advise on security considerations in applications systems procurement or development, implementation, operation and maintenance, and disposal activities (i.e. life cycle management).
• Assist in the determination of an appropriate level of security commensurate with the impact level.
• Assist in the development and maintenance of Security Authorization and ISCM documentation to for all systems under their responsibility to include: System Characterization Documents, System Security Plans and Information System Contingency Plans.
• Participate in risk assessments to periodically re-evaluate sensitivity of the system, risks, and mitigation strategies.
• Assist with the management of remediation actions and POAM updates to ensure timely remediation of security deficiencies.
• Assist in the assessment of system configuration changes for impact on security posture through participation in the configuration control board processes.
• Notify the responsible officials of any suspected incidents in a timely manner, and assist in the investigation of incidents, as necessary.
• Oversee training, policies, and practices, including audits, to ensure systems are securely operated.
• Document and communicate policies, queries, vulnerabilities, and current state of the system.
• Implement and monitor information security requirements, policies, and compliance.
• Review white-papers, standards, security policies, and industry best practices and provide expertise on how the agency can ensure compliance with new security requirements.
• Apply current computer science technologies to the design, development, evaluation, and integration of computer systems and networks to maintain system security and provide information assurance.
• Provide security engineering and integration support involving a wide range of security issues such as architectures, electronic data traffic, and network access.
• Use encryption technology; penetration and vulnerability analysis of various security technologies; and information technology security research.
• Manage multiple projects, keep track of and identify new tasks or adjust existing tasks and expectations as the project evolves.
• Coordinate with a team of professionals who are both technical and non-technical to keep everyone on task and progressing forward, and also ensure the team maintains a positive and collaborative relationship with external stakeholders.