Information System Security Officer – ISSO

Company: CACI
Location: Annapolis Junction, MD, USA
Salary: $86600 – $181800
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Mid Level, Senior

Requirements

  • An active TS/SCI with Poly.
  • 6 years of experience and HS/GED OR Bachelor’s and 2 years of experience.
  • IAT Level II (Security+).
  • Configuration and Document Management.
  • Security Policy.
  • Security Vulnerability Scanning Tools.
  • System Security Plan (SSP).

Responsibilities

  • Maintain operational security posture for an information system or program.
  • Provide Cyber Security oversight, guidance, and support for Assessment and Authorization (A&A) as required by the Federal Information Security Management Act (FISMA).
  • Prepare system security plan (SSP) and provide recommendations to assist in obtaining ATOs based on RMF experience IAW established cybersecurity policies and procedures.
  • Verify package submissions have met the threshold for approval, such as CCIs, SCA-V results, POA&Ms, STIGs, Cyber Security Strategies, System Security Plans (SSPs), and other RMF documentation.
  • Identify, develop (either directly, or in coordination with applicable experts), review and incorporate common artifacts found in an RMF accreditation package such as: system architecture and boundaries, hardware and software lists, risk assessment reports, POA&Ms, data flows, PPSM accounting, and other necessary system, network, and application documentation.
  • Knowledge and experience identifying, assessing, and documenting compliance against applicable DoD security controls (technical, management, operational), within RMF packages.
  • Familiarity with the use of vulnerability scanning and assessment tools (e.g., ACAS/Nessus) necessary to identify and document compliance.
  • Analyze and interpret vulnerability assessment results and formulate plans to mitigate vulnerabilities.
  • Assist with the CM for information system security software, hardware, and firmware. Maintain records on workstations, servers, routers, firewalls, intelligent hubs, network switches, etc. to include system upgrades.
  • Oversee the implementation of software patches to maintain the security posture of the organization.
  • Identify information system risks and possible mitigation measures, documenting these in various risk reports and Plans of Action and Milestones (POA&Ms).
  • Perform and complete STIG checklists, monitor IAVM compliance, and appropriately assess and document to completion all associated POA&Ms.
  • Identify, interpret, and evaluate major applications, infrastructure, enclaves, and Enterprise system environments based on proposed accreditation boundaries.
  • Establish and publish upon approval Cybersecurity policies and Standard Operating Procedures (SOPs) as required.
  • Maintain and report assessment and authorization statuses and issues in accordance with organizational guidance.
  • Ability to translate technical IS configurations into non-technical documentation.
  • Responsible for implementing and enforcing information systems security policies, standards, and methodologies.
  • Strong verbal and written communications and interpersonal skills.

Preferred Qualifications

    No preferred qualifications provided.