ISSO

Information System Security Officer (ISSO) 

Key Role 

Perform assessments of systems and networks within the networking environment or enclave and identifies where those systems/networks deviate from acceptable configurations enclave policy or local policy  This is achieved through passive evaluations (compliance audits) and active evaluations (vulnerability assessments) 

• Develops documentation in support of Risk Management Framework (RMF) processes operating procedures and policies  
• Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities 
• Operating within cleared environments performing Information Assurance specific activities to meet client needs and timelines 
• Performing Continuous Monitoring (ConMon) duties in accordance with NIST SP  (Continuous Monitoring) to include auditing for anomalous or malicious user activity 
• Establish strict program control processes to ensure mitigation of risks and supports for obtaining certification and accreditation of systems This includes process support analysis support coordination support security certification test support security documentation support investigations software research hardware introduction and release emerging technology research inspections and periodic audits 
• Periodically conducts a review of each system&#s audits and monitors corrective actions until all actions are closed 
• Perform Media management activities handle and have familiarity with controlling labeling virus scanning solutionssoftware and appropriate transfer of data (uploading/downloading) between different classification domains via manual and automated processes 

Basic Qualifications 

Experience with security tools hardware or software security implementation communication protocols and Encryption techniques or tools 

• TS/SCI clearance with a polygraph 
• DoD compliance Information Assurance Management (IAM) Level I certification 

Additional Qualifications 

• Experience in Nessus Scanning 
• Experience in STIG/SCAP 
• Experience in Splunk including Security Essentials 
• Experience using eMASS 
• Experience with SNOW 
• Experience with Linux OS 
• Experience conducting ISAP inspections