Information System Security Officer (ISSO)
Job description
The Enterprise Cybersecurity Engineer III (ISSO) falls under the Cybersecurity Governance, Risk, and Compliance (GR&C) team (6210) within the Office of the Chief Information Security Officer (6200).
The Enterprise Cybersecurity Engineer III (ISSO) will serve as an ISSO for JPL's institutional, research and development, and mission information systems. They will work closely with project leads, engineers, and developers to ensure cybersecurity safeguards are applied in a consistent and integrated manner, aligned with NASA and JPL cybersecurity requirements and priorities, and comply with NASA's Assessment and Authorization (A&A) process and other regulatory reporting requirements.
The Enterprise Cybersecurity Engineer III (ISSO) will serve as the GR&C focal point to:
- Ensure NASA A&A requirements are met and maintained across JPL System Security Plans (SSP) and are aligned with NASA and JPL's overarching cybersecurity strategies and solutions
- Evaluate cybersecurity requirements gaps; develop, coordinate, and maintain corresponding Plans of Action and Milestones (POA&M) and Risk Based Decisions (RBD) for leadership approvals
- Maintain JPL SSPs in accordance with NASA's A&A continuous monitoring requirements
- Address changes to information systems' security posture driven by operational needs, evolving technologies, and/or new capabilities
- Provide A&A information and supporting evidence to facilitate external audits, high-priority cybersecurity directives, and JPL contract performance objectives
The Enterprise Cybersecurity Engineer III (ISSO) will communicate and coordinate across a broad range of stakeholders to support:
- Management of cybersecurity risk in accordance with the Authorizing Official's risk appetite
- Alignment of cybersecurity efforts across JPL information systems to meet POA&M and other key cybersecurity objectives
- Understanding and agreement on cybersecurity priorities between NASA and JPL stakeholders
- Communication of JPL's unique domain needs related to NASA and JPL's A&A process
Requirements
- Bachelor's degree in Cybersecurity, Computer Science, Computer or Software Engineering, or related discipline with a minimum of 6 years of related Cybersecurity experience; Master's degree in related disciplines with a minimum of 4 years of related experience; or PhD in related disciplines with a minimum of 2 years of related experience.
- Demonstrated experience managing or leading cross-functional teams in complex systems-of-systems environments.
- Knowledge of security concepts and best practices, NIST Risk Management Framework, application of cybersecurity safeguards, and A&A continuous monitoring to include self/independent annual assessments.
- Experience with space mission, Ground Data System (GDS), and/or other space Telemetry, Tracking, and Command system development, integration and test, and operations.
- Strong ability to understand cybersecurity risk posture balanced with operational needs and perform business case analyses to support long-term planning.
- Experience applying cybersecurity principles across the system development lifecycle.
- Experience working with cybersecurity tools and applications such as Splunk, Nessus, GR&C tools such as RSA Archer, code analysis tools, and Endpoint Threat Detection and Response (ETDR).
- Ability to develop and implement process improvements, and excellent interpersonal and technical communication skills, both written and verbal.
Preferred Skills:
- Proven experience working with NASA Science Mission Directorate (SMD) and JPL organizations.
- Experience with Operational Technology (OT) systems to include cybersecurity risk management, threats/vulnerabilities, secure architectures, and industry best practices.
- Expert knowledge of NASA and JPL cybersecurity policies and procedures, prime contract cybersecurity requirements, government regulations, industry best practices, and emergent technologies/solutions.
- Recognized cybersecurity certification(s) (e.g., International Information System Security Certification Consortium, Inc. (e.g., CISSP), Global Information Assurance Certifications, The Computing Technology Industry Association, Inc., etc.)
- Thorough understanding of JPL project practices and familiarity with JPL organization, facilities, and processes.
Benefits & conditions
JPL has a catalog of benefits and perks that span from the traditional to the unique. This includes a variety of health, dental, vision, wellbeing, and retirement plans, paid time off, learning, rideshare, childcare, flexible schedule, parental leave and many more. Our focus is on work-life balance, and living healthy, fulfilling lives as we Dare Mighty Things Together. For benefits eligible positions, benefits are effective the first day of the month coincident with or immediately following the employee's start date.