What are the responsibilities and job description for the Information System Security Officer position at SPECIAL AEROSPACE SECURITY SERVICES INC?
Title: Information Systems Security Officer (ISSO)
Job Description:
Our organization is seeking an experienced Information Systems Security Officer (ISSO) to help protect our client’s data from unauthorized access. We are a Woman-Owned Small Business (WOSB) located in Leesburg, VA. This role is on-site, full-time in Huntsville, AL. This role will require experience in supporting the initial security controls implementation, system and application authorization, and continuous monitoring of major DoD systems on-prem and in commercial cloud. Our ideal candidate is a CISSP, or CISM, with 5-10 years of experience in information technology or cybersecurity.
This will include knowledge of DoD physical and environmental protection, personnel security, incident handling, and security training and awareness. The candidate will be required to work in close coordination with the ISSM, System Owner, and DoD Authorizing Officials. This will include, but is not limited to, developing and updating the system authorization documentation, policy and procedures development, incident reporting, support for sustained cybersecurity, exercising the cybersecurity tools and services, and supporting the implementation and monitoring of security controls across various authorization boundaries. You will also be expected to assist the ISSM in the performance of their daily activities, including assessing and addressing security anomalies and adversary actions, providing recommendations, and coordinating changes.
In this role, you will:
- Work in close collaboration with the client Information System Security Manager (ISSM), Information System Owner (ISO), and DoD Authorizing Official team.
- Create and maintain existing information system security documentation to include the Risk Management Framework (RMF) Body of Evidence for systems and applications in accordance with RMF and NIST Special Publications (800-37, 800-53 and others). Identify deficiencies and provide recommendations for solutions; track findings with Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance.
- Ensure the appropriate operational security posture is maintained for assigned information systems.
- Conduct periodic and continuous monitoring of the system to ensure compliance with the system’s authorization packages.
- Work with the client Cybersecurity team to implement and use various Cybersecurity tools, including security audit collection, analysis, and reporting in support of vulnerability management and continuous monitoring.
- Participate in the change management process, including reviewing Change Requests and assisting in the assessment of security impact of proposed changes.
- Support the conduct of daily, weekly, and monthly system audits and management of the audit collection system for assigned systems, boundaries, and components.
- Support network project teams responsible for engineering and capability delivery to the client’s production IT environments.
- Communicate well, both verbally and in writing, with both government and industry personnel.
Basic Qualifications
- DoD 8570.1 / DoD 8140.01 certification (IAT Level II, IAM Level II, or IASAE Level II)
- Bachelor’s degree (preferably in IT, Cybersecurity, Computer Science, Information Systems Management, Engineering, or similar field of study) with 4 years’ experience with information networks and cybersecurity; or a master's degree with 2 years’ experience.
- Strong background and extensive experience with RMF, ICD 503, NIST SP 800-53, JSIG or DJSIG
- Knowledge of current authorization practices, particularly within the DoD.
Preferred Qualifications
- Past performance as a DoD major system ISSM or ISSO.
- Experience using Microsoft Office applications; Tenable Nessus, Trellix, or other endpoint security capabilities; cloud computing; Linux; UNIX; Cisco; SQL or Oracle databases; and virtual computing.
- Experience implementing and using various Cybersecurity tools including vulnerability assessment, patch management, audit collection, audit review, audit management, and endpoint protection.
Security Clearance Requirements:
- US Citizen
- Must hold a minimum Secret clearance