Information System Security Officer (ISSO)
Job description
As the Information Systems Security Officer (ISSO), the individual works closely with the Information Systems Security Manager (ISSM) in proposing, coordinating, implementing and enforcing information system security policies, standards and methodologies. The ISSO implements operating system and network device security configurations in accordance with approved Security Technical Implementation Guides (STIGs), collaborates with team members to define and implement cybersecurity requirements for managed systems and software, conducts security assessments of Risk Management Framework (RMF) controls implemented for assigned systems, and identifies corrective actions and mitigation strategies to achieve and sustain RMF compliance.
Job Duties Include: Performing vulnerability assessments using the Assured Compliance Assessment Solution (ACAS), Security Technical Implementation Guide (STIG), and the Security Content Automation Protocol (SCAP). Performing security control continuous monitoring, security audits, risk analysis and developing mitigation strategies for DoD information systems.
Essential Job Responsibilities
Assist with all activities associated with the assessment and authorization (A&A) of all hosted computing environments. Perform cybersecurity site audits to verify architecture analysis, cybersecurity requirements and controls, verify mitigation actions, witness cybersecurity testing and evaluation, and assist the ISSM with the final approval for Authority to Operate (ATO) and/or Authority to Connect (ATC). Interface with end users to discuss their understanding of IT, data management and collaboration tools and the benefits of those tools. Ensure software, hardware and firmware comply with appropriate security configuration guidelines. Coordinate changes or modifications with the ISSM and SCAR/SCA. Initiate protective or corrective measures in coordination with the ISSM. Report security incidents or vulnerabilities to the ISSM.
Requirements
- 2 years relevant experience with a Bachelor's in a related field; 0 years experience with a Master's in a related field; or High School Diploma or equivalent and 6 years relevant experience.
- Experience planning and implementing network layouts of varying classifications in SCIF/SAPF spaces.
- Ability to coordinate and plan IT requirements across several Enterprise, MAJCOM, and agency partners.
- Familiarity with ICD/ICS 705 Standards as they pertain to networks.
- DoD 8570 (Sec+ or applicable) IAT level II cert required.
- Active TS/SCI clearance with ability to gain SAP/SAR.
Preferred Requirements
Experience working as a COMSEC Responsible Officer, or familiarity with handling and safeguarding COMSEC.
Physical Requirements
May require working in an office or laboratory environment. Capable of climbing ladders and tolerating confined spaces and extreme temperature variances.