Information System Security Officer
| Field | Details |
|---|---|
| Company | Booz Allen |
| Location | Lakewood, WA, USA |
| Salary | $77600 – $176000 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Expert or higher |

Requirements
- 10+ years of experience in application of NIST, DoD, and Army Cybersecurity and Risk Management Framework policies, directives, instructions, manuals, and best business practices
- 4+ years of experience in a supervisory role
- Knowledge of industry methods for evaluating, implementing, and disseminating IT security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities
- Knowledge of disaster recovery continuity of operations plans, enterprise incident response programs, roles, and responsibilities, and network security architecture concepts, including topology, protocols, components, and principles such as application of Defense-in-Depth
- Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins, measures, or indicators of system performance and availability, and network systems management principles, models, methods, such as end-to-end systems performance monitoring, and tools
- Knowledge of server administration and systems engineering theories, concepts, and methods, and systems lifecycle management principles, including software security and usability
- Ability to determine how a security system should work, including its resilience and dependability capabilities, and how changes in conditions, operations, or the environment will affect these outcomes
- TS/SCI clearance
- Bachelor’s degree
- DoD 8570.01-M IAM II certification
Responsibilities
- Lead all Risk Management Framework (RMF) and cybersecurity efforts and coordinate with outside agencies and at the client location
- Ensure that the cybersecurity risk management process is in place and the appropriate operational security posture is maintained and documented
- Conduct scheduled scans of networks and systems
- Validate applied Security Technical Implementation Guides (STIGs) and patches performed by System Administrators (SAs) and Network Administrators (NAs)
- Create or implement required RMF products, such as Plans of Action and Milestones (POA&M) and STIGs
- Perform continuous monitoring of applied STIGs and patches
- Conduct periodic auditing to assess vulnerabilities of networks and systems
- Assist the Information Systems Security Manager (ISSM) in meeting their duties and responsibilities and initiate protective measures for cybersecurity incidents
- Produce artifacts, trackers, and other necessary documents to meet the Security Control Assessment Validation (SCA-V) and maintain the United States Army Type Authority to Operate (ATO)
Preferred Qualifications
- 5+ years of experience working in MTCs