This posting has been closed
The ISSO is responsible for the following duties:
- Develop system security documentation in support of authorization and continuous monitoring under the DoD Risk Management Framework (RMF)
- Coordinate with DAOs, Data Owners, SAs and devs on security-relevant changes to SSPs
- Monitor/maintain SSPs for hardware and software changes
- Participate in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access
- Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the System Security Plan
- Ensure that all system users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities before granting access
- Review audit events for information systems and work with stakeholders to address events/incidents that occur
- Provide guidance for identifying, drafting, and submitting incident reports
- Ensure all information system security-related documentation is current and accessible to properly authorized individuals
- Perform Nessus scans as required
- Evaluate proposed changes or additions to the information system, and advise the Information Systems Security Manager (ISSM) of their security relevance
- Participate in internal/external security audits and inspections
- Direct program system administrators on security matters
Here’s What You’ll Need:
- You must have an active TS/SCI with a polygraph
- Minimum 5 years of relevant experience
- Thorough understanding of the Risk Management Framework (RMF) process
- Highly experienced with XACTA, LatteArt, Biscotti & SEAR
- Working knowledge of DoDI 8500.2 “Information Assurance”
- Thorough understanding of NIST 800-53, NIST 800-37, DCID 6/3, and the NISPOM
- Experienced with government accreditation requirements under DITSCAP and DIACAP
- Familiar with Nessus or CyborgBunny
- Experience in evaluating, testing, certification and accreditation of classified and sensitive but unclassified information systems
- Experienced with analysis and evaluation of hardware and software in support of the Intelligence Community (IC)
- Able to apply current computer security technologies and IA requirements to maintain system security posture
- Responsible for maintaining and enforcing approved security policies, standards and guidelines
- Experience working directly with project developers and/or subject matter experts to create security documentation
- Proficient with MS Word, PowerPoint and working knowledge of various software tools
- Experience formatting, editing, proofreading, and quality assurance checks on documents
- Experience in identifying compliance issues, documentation, and incident reporting
Skills
Skill | Proficiency | Years Experience | Percent Used |
---|---|---|---|
Cyber Security | | Any | 100% |
Biscotti | | Any | 75% |
CISSP | | Any | 75% |
Compliance | | Any | 75% |
CyborgBunny | | Any | 75% |
DIACAP | | Any | 75% |
ISSO | | 3 - 6 | 75% |
LatteArt | | Any | 75% |
Nessus | | Any | 75% |
NIST | | Any | 75% |
RMF | | Any | 75% |
SEAR | | Any | 75% |
Auditing | | Any | 50% |
Business Requirements | | Any | 25% |
Firewall | | Any | 25% |
Risk Management | | Any | 25% |
SAS | | Any | 25% |