Information Systems Security Officer (ISSO) Tactical Aviation Systems

COLSA Corporation

Job Location:

Huntsville, AL - USA

Monthly Salary: Not Disclosed
Posted on: 6 days ago
Vacancies: 1 Vacancy

Job Summary

General Summary:
Implementing and documenting management, operational, and technical NIST 800-53 security controls for aviation-based information technology systems, platforms, and tactical communication equipment to achieve and maintain Authorization (ATO or IATT) under the Risk Management Framework (RMF) in accordance with DOD, Army, NETCOM, and organizational policies.

Principal Duties and Responsibilities (*Essential Functions):

  • Supports the formal testing requirements through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.*
  • Prepares Test Plans, identifies cybersecurity concerns and risks associated with tests, and documents effective mitigations.*
  • Identifies where systems/networks deviate from acceptable configurations, enclave policy, or local policy, especially relating to test configurations and interconnections.*
  • Updates and maintains enterprise Mission Assurance Support System (eMASS) records for information systems and platforms.*
  • Creates or updates system Authorization Boundary Diagrams, Information or Data Flow Diagrams (ports, protocols, and services), and Security Architectures.*
  • Ensures that assigned IT systems, platforms, or applications can receive an IATT, ATO, or Assess Only Approval.*
  • Identifies and properly documents deviations, vulnerabilities, and mitigations on the system Plan of Actions and Milestones (POA&M) in eMASS, to include importing results from technical scans into eMASS and managing the resulting POA&M items.*
  • Reviews existing documentation and performs edits and updates to ensure the applicable security controls continue to be met and remain effective.*
  • Reviews, creates, or updates a variety of DOD and RMF documentation (including but not limited to Security Plans (SP), Configuration Management Plans (CMP), Incident Response Plans (IRP), Contingency Plans (CP), Access Control Policies, and other Assessment & Authorization (A&A) artifacts) as needed.*
  • Identifies the correct applicable Security Technical Implementation Guide (STIG) and Security Requirements Guides (SRG) for technologies used with systems, and tests and applies them to the components of the information system.
  • Uses a variety of cybersecurity tools that include but are not limited to enterprise Mission Assurance Support System (eMASS), Security Content Automation Protocol (SCAP) Compliance Checker (SCC), Assured Compliance Assessment Solution (ACAS)/Nessus Vulnerability Scanner, Evaluate-STIG, eMASSter, DISA STIG Viewer, etc.
  • Selects, justifies, and obtains approval for the correct impact levels for Confidentiality, Integrity, and Availability, and identifies and implements applicable control overlays for system records.
  • Provides network and security operations technical analysis, assessment, and recommendations.
  • Performs detailed analyses to validate established security requirements and to recommend additional security requirements and safeguards.
  • Establishes strict program control processes and policies to ensure mitigation of risks and supports obtaining certification and accreditation of systems.
  • Advises appropriate leadership (e.g., Information System Security Manager, etc.) of security-relevant changes affecting the organization's cybersecurity posture.
  • Supports customer meetings, integrated product teams, and test event planning, providing cybersecurity support as needed.

At COLSA, people are our most valuable resource and are centered at our core value. We invite you to unite your talents with opportunity and be a part of our Family of Professionals! Learn about our employee-centric culture and benefits here.


Required Experience:

Unclear Seniority

About Company

Leading Solutions in Defense, Intelligence, Space, & Civilian Markets