What are the responsibilities and job description for the Information Systems Security Officer (ISSO) position at Astrion?
Overview:
Astrion has an exciting opportunity for an SE-3 Information Systems Security Officer located at the 46TS/TGBB, Eglin AFB, FL.
This position provides support to the 46 Test Squadron - Sensors and Defensive Systems Flight at Eglin AFB. Working with the Information Systems Security Manager (ISSM), you will support Assessment and Authorization (A&A) activities for systems used by test engineers and data analysts. Key responsibilities include developing and maintaining security documentation (e.g., System Security Plans, Security Control Assessments, POA&Ms) to obtain and maintain system authorizations, defining information security requirements for new and existing systems, and assisting in the implementation and enforcement of security policies and standards.
REQUIRED QUALIFICATIONS / SKILLS
RESPONSIBILITIES
Information Systems Security Officer (ISSO)
LOCATION: Eglin AFB, FL
JOB STATUS: Full-time
CLEARANCE: Active Secret
CERTIFICATION: CompTIA Security or better
TRAVEL: <10%
Astrion has an exciting opportunity for an SE-3 Information Systems Security Officer located at the 46TS/TGBB, Eglin AFB, FL.
This position provides support to the 46 Test Squadron - Sensors and Defensive Systems Flight at Eglin AFB. Working with the Information Systems Security Manager (ISSM), you will support Assessment and Authorization (A&A) activities for systems used by test engineers and data analysts. Key responsibilities include developing and maintaining security documentation (e.g., System Security Plans, Security Control Assessments, POA&Ms) to obtain and maintain system authorizations, defining information security requirements for new and existing systems, and assisting in the implementation and enforcement of security policies and standards.
REQUIRED QUALIFICATIONS / SKILLS
- Bachelor's Degree in a technical field and 3 - 10 years of relevant experience. Additional relevant experience may substituted for education.
- An active Secret security clearance eligibility, and the ability to obtain and maintain a Top-Secret SCI security clearance and SAP program access and will be required to handle and safeguard sensitive and/or classified information in accordance with regulations to reduce potential compromise.
- U.S. Citizenship is required for all applicants.
- Past DoD cybersecurity experience is required.
- Background in Special Access Programs (SAP) Cybersecurity with demonstrated expertise with on-prem and cloud-based networks.
- Understanding of the Risk Management Framework (RMF) lifecycle for DoW systems in a SAP environment, specifically experience in NIST 800-53 security controls and the Joint Special Access Program Implementation Guide (JSIG).
- Knowledge of and experience designing, developing, and managing IT and cyber systems with the ability to evaluate emerging technologies and integrate them into existing architectures.
- Knowledge of and experience planning, organizing, and directing IT activities which comply with legal, regulatory, and AF/DoW-directed requirements and meet mission and customer needs.
- Ability to plan, organize, and lead others in studies or projects and to implement recommendations which may require substantial resources and/or require extensive procedural changes.
- Strong project management skills with meticulous record keeping.
- Ability to communicate effectively both orally and in writing.
- Ability to negotiate complex issues and maintain good working relationships.
- Experience with Security Technical Implementation Guide (STIG) assessments and Assured Compliance Assessment Solution (ACAS) scans.
- Experience with performing Security Impact Assessments (SIA) and vulnerability analysis on system changes as a part of Configuration Management (CM)..
- Experience in managing and responding to security incidents, supporting audits and investigations.
- Experience with system and network designs that incorporate diverse computer and network devices with varying data protection/classification requirements.
- Strong analytical skills in performing vulnerability/risk assessment analysis to support authorization and accreditation processes.
- Experience with preparation and reviewing comprehensive security documentation, including System Security Plans (SSPs), Risk Assessment Reports, Plan of Action and Milestones (POA&M), network hardware and software baselines, and Authorization To Operate (ATO) packages.
PREFERRED QUALIFICATIONS / SKILLS
- Prior use of Security Compliance Checker.
- Experience in performing security audits on systems and enclaves.
- Experience assessing Windows and Linux operating systems, virtual systems, network devices, databases, and web applications.
- Experience in performing Air Force software and application certification assessments.
- Highly recommend intermediate CompTIA certs like Cybersecurity Analyst (CySA ) / SecurityX (CASP ); GIAC certs like GIAC Certified SOC Analyst (GCSA) / GIAC Certified Incident Handler (GCIH) / GIAC Certified Intrusion Analyst (GCIA); ISC2 certs like Systems Security Certified Practitioner (SSCP) / Certified Cloud Security Professional (CCSP).
RESPONSIBILITIES
- Risk Management Framework (RMF) and System Authorization: Lead and implement the full lifecycle of the Assessment and Authorization (A&A) process for classified information systems, ensuring compliance with government frameworks and other relevant directives.
- Security Control Implementation and Assessment: Implement, assess, and monitor security controls to safeguard classified networks and information.
- Vulnerability Management and Mitigation: Perform regular vulnerability and risk assessments to identify and prioritize threats and create POA&Ms to address them.
- Performs Security Technical Implementation Guide (STIG) assessments and Assured Compliance Assessment Solution (ACAS) scans as required.
- Applies Secure Technical Implementation Guide (STIG) best practices to a wide range of information systems, networking equipment, and software.
- Incident Response and Reporting: Act as a key player in incident response activities, including investigation and reporting.
- Configuration Management and System Integrity: Provide configuration management for all security-related software, hardware, and firmware. Ensures system changes are conducted in accordance with security policy and procedures.
- Security Documentation and Compliance: Prepare, review, and maintain all security documentation, ensuring they are current and accessible. In coordination with the ISSM, develop system-level security procedures that are consistent with cybersecurity policies. Prepares and reviews comprehensive security documentation, including System Security Plans (SSPs), Risk Assessment Reports, Plan of Action and Milestones (POA&M), network hardware and software baselines, and Authorization To Operate (ATO) packages.
- Security Awareness and Training: Develop and provide security-related training to all personnel with access to classified systems, ensuring they are aware of their responsibilities and the latest security procedures. You will promote a culture of security awareness to minimize violations.
- Liaison and Communication: Serve as a primary point of contact and interface with government customers, suppliers, and internal company personnel to implement protective mechanisms and ensure compliance with all cybersecurity requirements.
- Performs other cyber security tasks as assigned.
- Oversee system and network designs that incorporate diverse computer and network devices with varying data protection/classification requirements.
- Interfaces with government customers and approving authorities across the DoD in an information security role.