Information System Security Officer

Job description:

Responsible for supporting adherence to all aspects of a rigorous Risk Management Framework (RMF) compliance program as stipulated by NISPOM/DAAPM, JSIG, ICD 503, STIGs and associated NIST publications. This position will work with the Information System Security Manager (ISSM) to maintain Authority to Operate (ATO) approvals for various systems by adhering to the Risk Management Framework (RMF). This position supports cybersecurity efforts throughout the RMF process for one or more assigned programs(s) to include the enforcement of System Security Plans, Plans of Action and Milestones (POA&Ms), assessing and auditing systems security controls. Because of the need for consistent, in-person collaboration and/or the requirement to perform all work onsite due to the nature of this particular role, it will be performed full-time on site. This means work will be conducted on location at the facility 100% of the time.

Skills Required

IAM Level I certification commensurate with DoD 8570.1M requirements (or ability to obtain certification within 6 months)

High level of personal motivation and initiative to learn and acquire new skills, and adapt seamlessly to an ever-changing security environment

Customer focused, excellent communicator and ability to work with limited supervision.

Strong organizational skills

Able to interface with other IA team members, other security disciplines (industrial security, physical security, special programs security, etc.), IT, and program personnel.

Support the ISSM to ensure all security certification and accreditation documents in relation to assigned systems are up-to-date.

Ensure continuous monitoring (e.g. weekly, monthly, etc.) in accordance with applicable security control standards are being implemented and met.

Advanced understanding of computer networks, operations systems, and computer functions.

Coursework in a technical discipline (i.e. programming/scripting, systems administration, cybersecurity/information assurance, etc.)

Experience & Educaiton Required

IAM Level I certification commensurate with DoD 8570.1M requirements (or ability to obtain certification within 6 months)

Bachelor's Degree and 4 years work experience in a related field or 8 years of experience in a related field in lieu of degree

Skills Preferred:

ISSO or relevant cybersecurity experience

Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.

Experience with auditing and certifying compliance of various systems (Windows, Linux, Network Devices, and peripherals).

Experience with the preparation of Assessment and Authorization (A&A) documents and procedures.

Experience with development and delivery of IA-related briefings and training material.

Experience with compliance and vulnerability scanning tools (Nessus, SCAP, etc.).

Experience with the review and creation of mitigation reports from compliance and vulnerability scanning tools (Nessus, SCAP, etc.).

Translate operational requirements into technical requirements and architectures needed to meet program objectives.

Experience with conducting all aspects of a self-inspection.