Full Job Description
This opportunity is for an Information System Security Officer (ISSO) who will be responsible for successful execution of Cybersecurity requirements for Special Programs. The ISSO will be responsible for performing Risk Management Framework (RMF) activities outlined in applicable governing documents such as: JSIG, CNSS, ICD 503, NIST Special Publications 800-37 and 800-53, and various DoD Manuals/Instructions/Guides.
The candidate must be proficient with RMF and Continuous Monitoring (ConMon) activities. Some other key activities of the ISSO include:
Perform Cybersecurity sustainment activities per Information System Security Manager (ISSM) instruction
Register new information systems and perform Assessment and Authorization (A&A) activities
Prepare artifacts to include System Security Plans (SSP), Security Controls Traceability Matrix (SCTM), Risk Assessment Reports (RAR), Security Concept of Operations (CONOPS), and detailed technical artifacts to support A&A (e.g., hardware/software mappings, information systems and network configuration diagrams)
Review the information system audit data and event logs, investigate and report anomalies to the Information System Security Manager (ISSM). Resolve security incidents or anomalies per ISSM direction
Works closely with the Information Systems Security Manager (ISSM)
2 years of experience in Information Systems Security/Information Assurance, Security Engineering, or IT Systems Security Administration
Basic knowledge of RMF, JSIG, NIST Special Publications, CNSS policies, instructions and other requirements associated with RMF. Broad knowledge and experience with NIST Special Publications 800-37 and 800-53 are essential
Experience with various information system security tools that address vulnerability analysis and mitigation. These may include ACAS, HBSS, STIGS, operating system logs and log analysis tools, Anti-Virus, endpoint protection, patch management, etc.
Knowledge of computer forensic tools and investigative methodologies
Knowledge of typical operating systems and key security features
Knowledge of TCP/IP networking, intrusion detection, network monitoring, security incident and event management
Act independently, prioritize tasks, and manage to schedule per ISSM instruction
Proficient in Microsoft Applications (Word, Excel, PowerPoint, Visio, etc.)
Communication skills with the ability to communicate effectively in both oral and written modes, and be able to author and present subject specific presentations. Comfortable with some public speaking
Must be willing and able to travel as required up to 10% of work schedule
DoD 8570.01M compliant professional certification (e.g., Security +, CISSP, etc.)
Required Education (including Major):
Bachelor's Level Degree in Computer Science, Information Systems, Information Assurance, Cybersecurity, or related field of study; or 4 years of directly related experience in lieu of education
Required Security Clearance:
US Citizen with current TS/SCI clearance with Full Scope Poly
This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization.