Information System Security Officer (ISSO)

Summary:

The ISSO shall monitor, coordinate, and conduct System Security evaluations, audits, and reviews.

Duties and responsibilities consist of, but are not limited to, the following:

  • The ISSO shall perform and interpret vulnerability assessments. Provide comprehensive support with documenting and reporting the Information Assurance Vulnerability Alerts (IAVA), Information Assurance Vulnerability Bulletins (IAVB) and Computer Tasking Orders (CTO) for RAMPOD.
  • The ISSO shall support the development, review, endorsement, and maintenance of all IA related security documentation for all applications, networks, and stand-alone systems, including certification and accreditation processes. Contribute to the development and testing of contingency plans for mission critical, essential, unclassified and classified computer systems to ensure unplanned disruption of service will not critically impact the mission.
  • Contribute to the development, review, endorsement, maintenance, and submittal of the RMF Security Authorization package for approval to operate. Help with providing Public Key Infrastructure (PKI) and Common Access Card (CAC) support; and help with monitoring existing and new DOD, DON, and other agency IT and Security policies to stay current.
  • Conduct risk and vulnerability assessments of planned and installed information systems; participate in system and network design to ensure information security policies are followed; conduct analysis, periodic testing, evaluation, verification, and review of information system installation at the appropriate classification level.
  • Prepare Incident and Violation Management documents that are reported to the ODAA and DOD reporting chain.
  • The ISSO shall monitor, coordinate, and direct the implementation of security guidelines and actions appropriate to remedy security deficiencies (i.e., viruses, intrusion attempts, access, denial, password violations, network bypass, etc.); participate in gathering, analyzing, and preserving evidence used in the prosecution of computer crimes; and when required, provide support with the investigation and report all NMCI/DOD Information Security violations; help with coordinating incident handling for spillage of classified material.
  • Test and operate intrusion detection systems, enterprise anti-virus systems and software deployment tools.
  • Review and recommend the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security.
  • Perform log analysis, review suspicious or malicious code, and interpret intrusion-related information.
  • Provide other services not specifically stated in relation to RAMPOD IA.
  • Developing, modifying, and maintaining security documentation.
  • Ability to effectively communicate in both written and oral form with Program Management, DAA Representative and Government Security Office.
  • Conducting DOD Risk Management Certification and Accreditation Program per DoDI 8510.01, Common Criteria, and FISCAM (NIST). Should be able to review NIST requirements in addition to creating necessary artifacts.
  • Providing Incident and Violation Management ensuring that security violations/incidents are properly reported.
  • Ability to listen and communicate effectively with others, express ideas, and encourage discussion and openness. Effectively use written and oral communication techniques to clearly present technical information and negotiate solutions to problems. Apply diplomacy and tact in dealing with controversial and political issues.
  • Meet the requirements defined in DoD 8570.01-M and AFMAN 17-1303.

Qualifications:

  • 10+ years’ experience in providing Information Assurance support at the Enterprise level: 5 of which should be RAMPOD specific.
  • Experience in Access control; awareness and training; audit and accountability; certification, accreditation, and security assessments; configuration management; contingency planning; identification and authentication; incident response; media protection; physical and environmental protection; personnel security; risk assessment; systems and service acquisition; system and communications protection; and system and information integrity.
  • Have DOD 8570.1-M for IA Work Force requirements at the IAM II or III certification level by holding an active certification in one or more of the following: CISSP, CAP, CISM, CASP CE and/or GSLC.
  • 3 or more years’ experience working with security system functions, technical security safeguards, security policies and operational security measures to include a working knowledge of the DoD 8500.
  • Experience in conducting and/or overseeing Risk and Vulnerability Assessment for IT Systems.
  • Knowledge and experience with Federal Information Security Management Acti (FISMA), E-Government Act, Freedom of Information Act (FOIA), Privacy Act, and other Federal requirements, as well as all National Institute of Standards and Technology (NIST) publications related to certification and accreditation (C&A), specifically: System Security Plans, Contingency Plans, Configuration Management Plans, Privacy Impact Assessment, and other security documents.
  • Knowledge of Automated Information System Security policy and guidance as mandated by Congress in Public Law (PL 100-235) Computer Security Act, and Office of Management and Budget in OMB Circular A-130, Department of Commerce Federal Information Processing Publications (FIPS PUBS), and National Security Agency standards.
  • Technical knowledge of network and router protocols, firewalls, Base Hosts, Virtual Private Networks (VPNs), NIPRNET, SIPRNET, and modern computer operating systems.
  • Be sufficiently versed in information assurance, information technology network architecture and possess strong analytical skills.
  • Capable of applying technical discipline, following specific procedures in carrying out the support functions, and assembling data to document and analyze activities.
  • Capable of researching problem situations and developing recommended solutions.
  • Possess an excellent understanding of technical issues, ability to communicate verbally and in written form effectively, and the ability to work within U.S. Government contractual realm.
  • Possess extensive knowledge of Information Assurance practices and conventions, IA/network analysis tool and software.

Certifications:

Must have ONE of the following certifications:

  • CISSP – Certified Information Systems Security Professional
  • GSLC-GIAC Security Leadership Certificate
  • CAP – Certified Authorization Professional
  • CASP CE – CompTIA Advanced Security Practitioner
  • CISM – Certified Information Security Manager

and one or more of the following certifications are desired:

  • GIAC Security Essentials Certification
  • Security Certified Network Professional (SCNP)
  • System Security Certified Practitioner (SSCP)
  • Security +

Must have a current SECRET clearance or an inactive SECRET clearance within the last 24 months.

Wage is DOE and this announcement is open until filled.

Work location is 1100 Park Drive, Warner Robins, GA 31088

Position is subject to US Government requirements.

If you are interested, please use the “Contact Us” hyperlink on the footer of this page to email us your resume.