Information Systems Security Officer

MTSI is seeking a highly motivated and experienced Information Systems Security Officer (ISSO) to support our team in safeguarding information systems for a government customer at WPAFB, OH. The ISSO will assist in the development, implementation, and maintenance of security policies, standards, and procedures to protect our information systems and ensure compliance with applicable government and industry regulations. The ideal candidate will possess a strong understanding of cybersecurity principles, risk management, and security technologies, as well as excellent communication and collaboration skills. This role requires a proactive individual capable of identifying and mitigating security threats, conducting security audits, and working effectively with both technical and non-technical stakeholders in both independent and team settings. This role is an in-person role that is located with our government customer's organization at WPAFB.

Responsibilities:

• Security Policy Implementation: Assist Information System Security Managers (ISSMs) in the development, implementation, and enforcement of security policies, standards, and procedures to ensure the protection of information systems and data.
• Configuration Management: Ensure that all information systems are configured securely according to DoD & organizational policies, industry's best practices, and security baselines.
• Risk Management: Conduct risk assessments to identify potential security threats and vulnerabilities. Develop and implement mitigation strategies to reduce risk and ensure business continuity. Assess the impact of changes in the IT environment and update the risk management framework accordingly.
• Security Compliance: Ensure that information systems comply with relevant government and industry standards, such as NIST, and DoD regulations. Demonstrate familiarity with RMF processes for assessments and authorization efforts to prepare and maintain documentation for ATO compliance activities.
• Continuous Monitoring: Implement and manage continuous monitoring processes to maintain compliance with ATO requirements. Utilize Security Information and Event Management (SIEM) tools (e.g., Greylog, ElkStack, Splunk) to monitor system activities, analyze logs, and identify & report suspicious behavior & anomalous findings.
• Security Audits: Conduct regular security audits and assessments to evaluate the effectiveness of security measures and identify areas for improvement. Develop and implement remediation plans to address identified vulnerabilities.
• Collaboration: Work closely with other IT and security professionals, including system administrators, network engineers, and security analysts, to ensure a coordinated approach to cybersecurity. Liaise with external stakeholders & partnering agencies as needed.
• Documentation: Maintain comprehensive documentation of security policies, procedures, system configurations, and security incidents. Prepare reports for management on security status, compliance efforts, and incident response activities.
• Security Enhancements: Research, evaluate, and recommend security enhancements to improve the overall security posture of the organization. Stay updated with the latest security trends, technologies, and threats.
  
  

Required Qualifications and Skills:

• Minimum of 3 years of experience in a similar ISSO or cybersecurity role.
• Proficiency in using security tools and technologies, such as VLANs, SIEMs, Static Application Security Testing (SAST) tools, network monitoring tools, and endpoint protection platforms (EPP).
• In-depth knowledge of network security, application security, and endpoint security principles.
• Strong understanding of operating systems (Windows, Linux, etc.) and their security configurations.
• Hands-on experience with ElkStack or other similar SIEM applications for security monitoring and log analysis.
• Experience with security compliance and regulatory requirements, including NIST USAF, and DoD regulations.
• Strong analytical and problem-solving abilities, with the capability to analyze complex security issues and develop practical solutions.
• Excellent written and verbal communication skills, with the ability to effectively communicate technical information to both technical and non-technical stakeholders.
• Ability to work independently and collaboratively in small team environments.
• Must possess a Secret clearance.
• Must hold a minimum Cybersecurity certification, such as Security or an applicable DoD 8140 certification (e.g., GSEC, CISM, CGRC, CISSP).
  
  

Desired Skills :

• Experience with eMASS.
• Experience with on-premise cloud instantiations.
• Experience with Microsoft Azure or Amazon Web Service configurations.
• Experience supporting Cross Domain Solutions
• High attention to detail.
  
  

Education Requirement:

• Associates degree and 2 additional years of relevant experience
• Bachelors degree (Preferred)