Tactical Systems ISSO
Share
Job Location:
Huntsville, AL - USA
Monthly Salary:
Not Disclosed
Posted on:
Yesterday
Vacancies:
1 Vacancy
Job Summary
Implements and documents management operational and technical NIST 800-53 security controls and control enhancements for tactical information technology systems and platforms to ensure a healthy cybersecurity posture and to achieve and maintain Authorization to Operate under the Risk Management Framework in accordance with DOD Army NETCOM and organizational policies.
Principal Duties and Responsibilities (*Essential Functions):
- Provides network and security operations technical analysis assessment and recommendations.*
- Identifies where systems/networks deviate from acceptable configurations enclave policy or local policy.*
- Conducts audits to ensure information systems security policies and procedures are implemented as defined in security plans and best practices. *
- Performs detailed analyses to validate established security requirements and to recommend additional security requirements and safeguards.*
- Establishes strict program control processes and policies to ensure mitigation of risks and supports obtaining certification and accreditation of systems. *
- Supports the formal testing requirements through pre-test preparations participation in the tests analysis of the results and preparation of required reports.*
- Performs evaluations (compliance audits) and/or active evaluations (vulnerability assessments). *
- Oversee the development and implementation of security policies and procedures that align with the organizations mission and goals.
- Ensure that IT supply chain security and risk management policies and requirements are met as they relate to cybersecurity.
- Advise appropriate leadership (e.g. Program Information System Security Manager Authorizing Official Designated Representative etc.) of security relevant changes affecting the organizations cybersecurity posture.
- Update and maintain enterprise Mission Assurance Support System (eMASS) records for information systems and platforms.
- Create or update system Authorization Boundary Diagrams Information or Data Flow Diagrams and Security Architectures.
- Ensure that assigned IT systems platforms or applications can receive an ATO or Assess Only Approval
- Review existing documentation and perform edits and updates to ensure the applicable security controls continue to be met and remain effective.
- Conduct Annual Security Reviews (ASR) and FISMA Reviews for Information System records in eMASS.
- Review create or update a variety of DOD and RMF documentation (including but not limited to Security Plans (SP) Configuration Management Plans (CMP) Incident Response Plans (IRP) Contingency Plans (CP) Access Control Policies and other Assessment & Authorization (A&A) artifacts)
- Prepare distribute and maintain plans instructions guidance and standard operating procedures concerning the security of network or system operations.
- Identify the correct applicable Security Technical Implementation Guide (STIG) and Security Requirements Guides (SRG) for technologies used with systems and also test and apply them to the components of the information system.
- Identify and address applicable Cyber Tasking Orders alerts advisories errata and bulletins published from authoritative sources across the organization.
- Identify and properly document deviations vulnerabilities and mitigations on the system Plan of Actions and Milestones (POA&M) in eMASS to include importing results from technical scans into eMASS and managing the resulting POA&M items.
- Use a variety of cybersecurity tools that include but are not limited to enterprise Mission Assurance Support System (eMASS) Security Content Automation Protocol (SCAP) Compliance Checker (SCC) Assured Compliance Assessment Solution (ACAS)/Nessus Vulnerability Scanner Evaluate-STIG eMASSter DISA STIG Viewer etc.
- Perform detailed analyses to validate established security requirements and to recommend additional security requirements and safeguards where appropriate
- Support the formal testing requirements through pre-test preparations participation in the tests analysis of the results and preparation of required reports as needed.
- Perform evaluations (e.g. internal compliance audits) and/or active evaluations (e.g. vulnerability assessments) of systems to assess Cybersecurity posture and identify mitigations for risks.
- Perform routine vulnerability scanning using ACAS/Nessus and STIG configuration compliance scans in accordance with organizational time frames and requirements.
- Select justify and obtain approval for the correct impact levels for Confidentiality Integrity and Availability as well as identify and implement applicable control overlays for system records.
- Performs detailed analyses to validate established security requirements and to recommend additional security requirements and safeguards.
- Support meetings with system or information owners stakeholders user representatives engineers administrators and leadership to ensure that cybersecurity considerations are addressed across the team and organization.
At COLSA people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our FamilyofProfessionals!Learn about our employee-centric culture and benefitshere.
Key Skills
- Computer Science
- Active Directory
- Computer information Technology
- PowerShell
- OS
- Windows
- Database
- SCCM
- Linux
- SAN
- Troubleshoot
- Backup
- Setup
- Technical Support
- UNIX
About Company
Leading Solutions in Defense, Intelligence, Space, & Civilian Markets Explore Our CapabilitiesCome See Us at Booth #713September 24-26, 2024Read MoreMeet Our Data Science LabThe Art of PossibleLearn MoreGrow With UsExplore COLSA job openingsClick Here Previous slide Next slide Leading ... View more
