Senior Information System Security Officer (ISSO)

Job Summary: Seeking a highly skilled, Senior Information Systems Security Operator (ISSO) to join our team.

Job Description & Requirements: The ideal candidates will be responsible for ensuring the security and integrity of our information systems by implementing and maintaining robust security measures. This includes developing and enforcing security policies, conducting regular security audits, and staying up to date with the latest cybersecurity threats and trends.

Key Responsibilities:

• Verify data security access controls based on the Joint Special Access Program Implementation Guide (JSIG).
• Implement media control procedures and continuously monitor for compliance.
• Verify data security access controls and assign privileges based on need-to-know.
• Investigate suspected cybersecurity incidents in accordance with Departmental directives and applicable Risk Management Implementation Plans (RMIPs).
• Apply and maintain required confidentiality controls and processes.
• Verify authenticator generation and verification requirements and processes.
• Execute media sanitization (clearing, purging, or destroying) and reuse procedures.
• Protect Controlled Unclassified Information (CUI), Special Access Programs (SAP), Sensitive Compartmented Information (SCI), and Personally Identifiable Information (PII).
• Create and manage the Body of Evidence (BOE).
• Maintain privilege access control logs.
• Create and manage Interconnection Security Agreements (ISA).
• Ensure JSIG compliance of applications within multiple accredited boundaries.
• Track vulnerabilities by creating Plan of Action and Milestones (POA&M).
• Manage the configuration and documentation in the program's instance of Enterprise Mission Assurance Support Services (eMASS).
• Maintain and manage continuous monitoring of DoD Security Technical Implementation Guide (STIG) compliance.
• Enforce continuous monitoring strategies using tools such as Splunk, Oracle Cloud Control, ACAS reports, and scripts for database/application user/privilege review.
• Conduct code reviews for database and application development and configuration management activities.
• Analyze events or test results and prepare POA&Ms.
• Integrate project management, configuration management, continuous monitoring, and POA&M processes.
• Prepare reports identifying the results of compliance and performance tests.
• Develop and implement information assurance/security standards and procedures.
• Coordinate, develop, and evaluate security programs for the organization.
• Review information assurance/security solutions to support customer requirements.
• Identify, report, and resolve security violations.
• Establish and satisfy information assurance and security requirements based on user, policy, regulatory, and resource demands.
• Perform vulnerability/risk analysis of computer systems and applications during all phases of the system development life cycle.

Minimum Requirements:

• A bachelor's degree in a relevant field (e.g., Computer Science, Information Systems Management, Engineering) is required for this position.
• 4 years of relevant work experience may be considered in lieu of the degree requirement.
• 7 years of general experience in cybersecurity or a related field.
• 4 years of experience displaying strong knowledge of operating systems (e.g., Windows, Linux).
• 4 years of cybersecurity experience in the Department of Defense (DoD) or Intelligence community.
• Strong knowledge of cybersecurity principles, tools, and techniques.
• Demonstrated experience with the Risk Management Framework (RMF), Federal Information Security Management Act (FISMA), and National Institute of Standards and Technology (NIST) FIPS 199/200 and Special Publications.
• Experience with the Federal Risk and Authorization Management Program (FedRAMP).
• Security or equivalent (DoD 8570) if no current IAM Level II certification (below).

Desired Skills & Qualifications:

• IAM level II certification (CASP , GSLC, CISM, CISSP, CCISO), or ability to obtain certification within six months of hiring.
• Experience as a Cyber or Security Analyst or Security Control Assessor (SCA) for federal information systems.
• Experience with the Special Access Programs (SAPs) and Intelligence Community (IC).
• Knowledge and/or understanding of Joint Special Access Program Implementation Guide (JSIG).
• The ability to adapt in fast paced environments, comfort with ambiguity.
• Familiarity with cloud technologies, security practices, and agile methodologies.
• Strong self-organization and self-management skills with emphasis on self-initiation and follow through.
• Proven written and oral communication skills.
• Experience in reviewing proposed change requests related to system design/configuration and performing security impact analysis.
• The ability to work independently.

Please provide a MS Word resume and quantify the following number of years and projects and list clients and certifications -

QUALIFICATION

Department of Defense (DoD) - number of years
Intelligence Community (IC) - number of years

Active TS/SCI Clearance with or ability to obtain CI Poly - Yes/No [list/date]

Information Systems Security - number of years

Cybersecurity - number of years

Operating Systems - number of years
Cybersecurity principles/tools/techniques - number of years
Risk Management Framework (RMF) - number of years
Federal Risk and Authorization Management Program (FedRAMP) - number of years
Federal Information Security Management Act (FISMA) - number of years
National Institute of Standards and Technology (NIST) - number of years
FIPS 199/200 - number of years
{other Special Publication(s)} - number of years

Cyber/Security Analyst for federal information systems - number of projects
Security Control Assessor (SCA) for federal information systems - number of projects
Special Access Programs (SAPs) - number of projects
Joint Special Access Program Implementation Guide (JSIG) - number of projects

Senior Information System Security Officer (ISSO) for {list client(s)}

Other Information System Security roles include {list client(s)}

Certification [Security (ce), DoDD 8570]

The post appeared first on .

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.