Information Systems Security Officer – Isso

Information Systems Security Officer – Isso

Requirements

• Active TS/SCI Clearance required.
• BS from an accredited college or university and 8+ years of experience, other experience may be considered instead of a degree.
• Minimum of 5 years of extensive experience in cyber security, information assurance, and risk management framework processes.
• DoD 8570.0 and DoDD 8140.01 Information Assurance Technical (IAT) Level II or higher.
• 2+ years of demonstrated aggregate experience performing IT application, system, and Network project reviews and providing technical and policy DoD cybersecurity guidance.

Responsibilities

• Directly support and provide inputs to the ISSM such as, but not limited to, support the Assessment and Authorization (A&A), duties identified in the Continuous Monitoring Plans and to facilitate the Security Controls Assessment for all assigned information systems.
• Assists in the administration and monitoring of the implementation of the Risk Management Framework (RMF) steps and activities throughout system life cycle to ensure appropriate security posture is maintained.
• Implement cyber security program, policies, and procedures for the assigned information systems.
• Maintain a working knowledge of current and upcoming/scheduled events, assigned information system functions, security policies, technical security safeguards, and operational security measures.
• Possess SME-level knowledge of DoD, Defense Intelligence Agency (DIA), and Risk Management Frameworks (RMF) core concepts and processes.
• Coordinate with applicable stakeholders.
• Maintain the Authorization to Operate (ATO) packages, as required, for the assigned information systems in the appropriate A&A System of Record (e.g., XACTA 360, Keystone, eMASS).
• Review/analyze Audit Logs (e.g., Splunk logs, Windows Event (EVTX) logs, Linux syslogs, and others as required) for assigned information systems.
• Perform validation checks to ensure the assigned information systems have the CM-approved software installed, to include Antivirus definitions.
• Perform cyber security compliance/vulnerability scans and manual checks.
• Execute the ISSO-specific duties identified programs Plans for the assigned information systems.
• Implement the account management process for the assigned information systems and issue the appropriate credentials to users.
• Implement the user-centric cyber security education, training, and awareness program, as required by the ISSM.
• Perform other duties as assigned in support of the NCRC mission.

Preferred Qualifications

• Shall have at least one certification requirement listed on DoDM 8140.03, DoD Cyberspace Workforce Framework
• Have background knowledge of: VMWare – Virtualization and security (vSphere, vCenter, NSX, ESXi), RHEL – Ansible, Kubernetes, StackRox, OpenShift, AWS/Azure – Cloud technologies/Containerization, F5 BIG IP and Cisco – networking devices/distributed technologies, STIG and IAVA implementation, NetApp – Storage technologies, Dell Blade Servers