Information System Security Officer Support - Entry Level

RDR, INC. - Chantilly, VA3.6

Full-timeEstimated: $73,000 - $97,000 a year
Job Description:
Entry Level-1

0-5 years’ experience

The Level- 1 ISSO position is an entry level IS professional who provides assistance to the Government on basic IT and information system security issues affecting the mission. ISSO Level-I Contractors should possess the following desired qualifications:

Familiarity with conducting research and analysis; Familiarity with network and information system security principles and best practices; Familiarity with controlling, labeling, virus scanning, and appropriately transferring data (uploading/downloading) between information systems at varying classification levels; Ability to engender rapport with the military, civilians, and other contractors at all levels; Ability to prioritize tasks; Familiarity with applicable NRO, IC, DoD policies, procedures and operating instructions related to Information Technology, Information Assurance, Information Management (IT/IA/IM)

Provide comprehensive information system security support to NRO Directorates and Offices. Responsible to the Information System Security Manager (ISSM) for providing the day-to-day system security operations by ensuring that operational security is maintained for an information system (IS). ISSOs are also responsible for maintaining effective communications with the ISSM, PSO, Information System Owner Authorizing Official (AO) or Delegated Authorizing Official (DAO), Information System Security Engineer (ISSE), and the Security Control Assessor (SCA). ISSOs must have a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.


Varied amount of Travel will be Required

Education relevant to computer engineering, information security, information management, and/or computer science

Experience in technical project management

Contractors performing ISSO functions shall possess and maintain or obtain within six months from their arrival date; professional Information Security (IS) certification(s) appropriate for the level of duty and responsibility of their position.

An Information System Security Officer (ISSO) includes skill requirements from a security or Office Security Program Office for all information technology issues such as malicious code eradication, configuration management, assessment and authorization of current and future systems. ISSOs shall know how to implement common information system security practices, policies, and technologies. Additionally, ISSOs demonstrate self-motivation, initiative, sound judgement, effective interpersonal skills, team building skills, and effective communication skills. The table below describes the desired requirements for ISSOs

Job Requirements:
Tasks include, but are not limited to:
Manage the day-to-day system security including physical and environmental protection, incident handling, and information system security training and awareness. Support the Information System Owner to draft, develop, update, or maintain the system security plan (SSP), and other related documents, following NRO, IC, and DoD applicable policies, procedures, and templates. Support initial risk analysis and present results to the Information System Owner and PSO. Participate in certification and integration, verification, and validation (IV&V) testing activities. Play an active role in continuous monitoring to include assessing the security impact of system changes, updating the SSP, managing and monitoring changes to the system, and disposal of the system in accordance with NRO, IC and DoD security policies and practices as outlined in the approved SSP. Initiate the re-certification/re-accreditation process by formally notifying the ISSM, PSO, and Information System Owner when changes occur that may affect accreditation authorization. Ensure all IS security-related documentation is current and accessible to properly authorized individuals. Maintain and update IT asset records in NRO XACTA Assessment Engine on behalf of the Information System Owner. Process information systems access requests, ensuring all users have the requisite SCI security clearances, authorization, need-to-know, and are aware of their security responsibilities before granting access to the IS. Report all security-related incidents to the ISSM and the cognizant PSO. Initiate, with the approval of the ISSM, protective or corrective measures when a security incident or vulnerability is discovered. Ensure configuration Management (CM) for the security relevant IS software, hardware, and firmware is maintained and documented. If a CM board exists, the ISSO may support the CM board if so designated by the ISSM. Follow procedures developed by the ISSM, authorizing software, hardware, and firmware use before implementation on the system. Ensure system recovery processes are monitored to ensure that security features and procedures are properly restored. Ensure system security requirements are addressed during all phases of the system life cycle. Ensure that NRO security systems comply with appropriate assessment and authorization standards by preparing and submitting relevant documentation to the AO/DAO via NRO/OS&CI/F&ISD. Responsible for controlling, labeling, virus scanning, and appropriate transferring date (uploading/downloading) between various NRO information system as required. Perform requested uploads/downloads, virus scanning, and software updates for applicable information systems and local and wide area networks (LAN/WANs), perform Automated Out-processing & Relocation System (AORS) review, Public Key Infrastructure (PKI) vetting, Portable Electronic Device (PED) registrations, and conduct NRO Management Information System (NMIS)/Secret Collateral Management Information System (SCMIS)/Unclassified Management Information System (UMIS) user briefings. Support comprehensive investigations into data spills and IT incidents at both government and contractor sites. Support information protection needs, system security requirements, system security architecture, and assess information protection effectiveness as related to NRO mission requirements. provide guidance on system security, assessment and authorization issues, and INFOSEC policy and security vulnerabilities. Provide security support to large conferences and other program activities. Provide advice and guidance to NRO program personnel and Program Security Officers on all Information System (IS) security issues across all NRO activities. Support the Government POC in managing the acquisition, operation, storage, inventory, and disposition of all Communications Security (COMSEC) related material and equipment as required. Work security issues involving multiple Intelligence Community SCI Control Systems, DoD SAP/SAR activities, and SCI Special Handling programs. Provide appropriate security awareness and training to NRO information system users. Coordinate activities with official designated representatives, chief information officers, senior agency information system security officers, information system and common control providers, and information system security officers. Maintain effective communications with the Information System Owner, AO or DAO, ISSE, SCA, ISSM, and PSO. Attend program technical exchange meetings, staff meetings, and program review milestone meetings, as directed. Monitor and track status of applicable patches including IA vulnerability alerts (IAVA), IA vulnerability bulletins (IAVB), and technical advisories (TA) for the networks and operating system(s) under their purview. Review applicable audit logs for actions to include but not limited to security relevant events/activities, suspicious activity, baseline changes and notify the ISSM of any discrepancies. Write, review, and/or assess security documentation and plans (e.g., Operational Security (OPSEC) Plans, Program Protection Plans, Classification Guides, DD 254's, Contract Data Classification Worksheets) focusing on safety and security of personnel, assets, resources, and mission.