This is a hybrid position allowing 50% remote work after a brief ramp-up period (first 2-3 weeks will be 100% onsite during on boarding, then time will be split 50/50 onsite/remote). However, operational requirements and classification of system could be a cause for more onsite time.
These ISSOs needs to have a good understanding of the National Institute of Standards and Technology (NIST) approved cyber society, information assurance (IA) architecture, policies, programs, standards, and guidelines. The ISSO will be provide experienced and qualified personnel to perform Cybersecurity support services to assist and maintain the customers effective cybersecurity program.
Primary Responsibilities: Establish and implement security procedures and practices in support of Customer goals and current DoD regulations. Develop
and update Assessment & Authorization (A&A) documentation (Body
of Evidence) for management and continuous monitoring of information
systems.Using knowledge of the Information System (IS) and
understanding of established Information Assurance (IA) and
Cybersecurity requirements validate security policies and procedures
outlined in the System Security Plan (SSP), customer policies &
regulations, and ensure local policies are followed. Initiate
the authorization or re-authorization efforts and process for new or
expiring systems and coordinate, schedule, and attend required meetingsServe as the System Information System Security Officer (ISSO) for various Joint Service Provider (JSP) systemsTake
corrective action to resolve problems identified and ensure systems are
operated, maintained, and disposed of in accordance with established
policies and procedures.Perform security audits IAW established
procedures. Develop process for the management, review, and retention
of security audit data. Make decisions and implement corrective action
as required to resolve audit discrepancies.Author and review IS security-related documentation and submit to Enterprise Mission Assurance Support Service (eMASS).As
an IA Subject Matter Expert (SME), provide critical thinking to ensure
system security requirements are addressed during all phases of the
System Development Life Cycle (SDLC).Conduct ongoing security
reviews and tests of systems to verify security features and controls
are functional and effective. Take corrective action to resolve
identified vulnerabilities.Provide security engineering review
of proposed changes or additions to the IS (including hardware,
software, or connectivity), and advise the Information System Security
Manager (ISSM) of the security relevance.Create and maintain processes and procedures for use by members of the ISSO teamSupport
the ISSO Team Lead in conducting lessons learned activities to improve
the overall productivity and efficiency of the ISSO teamCommunicates with internal team members across multiple areas and customer team membersReviewing manual STIGs (ckls) utilizing STIGViewerReviewing ACAS ScansDeveloping Project Management Plan to attain ATO Qualifications:
DoDI 8570 IAM Level II or IAT Level II CertificationBS and 8 or more years of prior relevant experience, add'l experience may be considered in lieu of degreeActive Secret clearance or higher (program can support up to TS/SCI