Clearance Requirement: Must have Active Secret clearance.
Serve as an Information Systems Security Officer (ISSO). Assist with the Assessment and Authorization (A&A) of standalone and interconnected computers and networks. Gather the information necessary to maintain security and establish functioning external barriers, including firewalls and other security measures. Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. Maintain responsibility for managing Cybersecurity risk from a business and agency perspective. Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership.
- 5 years of experience with providing security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoD, and local security policies.
- Experience in providing configuration management (CM) for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO).
- Experience with reviewing system security audit logs and leveraging network scanning software to perform vulnerability or risk assessment analysis for the RME, including maintaining vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, managing system changes, and assessing the security impact of those changes.
- Ability to manage Cybersecurity activities that must be performed by system owners, including annual refresher CS training or awareness briefings or requires a personal interface, including incident response or data transfers.
- Ability to support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoD RMF.
- BA or BS degree.
- DoD IAM or IAT Level II or III Certification.
- Experience with using the NIST Security Content Automation Protocol (SCAP) tool or DoD STIG Viewer application.
- Experience with the Enterprise Mission Assurance Security Solution (eMASS).
- TS/SCI clearance preferred.