Information System Security Officer (ISSO)
: Job Details :

Responsibilities:

• Verify data security access controls based on the Joint Special Access Program Implementation Guide (JSIG).
• Implement media control procedures and continuously monitor for compliance.
• Verify data security access controls and assign privileges based on need-to-know.
• Investigate suspected cybersecurity incidents in accordance with Departmental directives and applicable Risk Management Implementation Plans (RMIPs).
• Apply and maintain required confidentiality controls and processes.
• Verify authenticator generation and verification requirements and processes.
• Execute media sanitization (clearing, purging, or destroying) and reuse procedures.
• Protect Controlled Unclassified Information (CUI), Special Access Programs (SAP), Sensitive Compartmented Information (SCI), and Personally Identifiable Information (PII).
• Create and manage the Body of Evidence (BOE).
• Maintain privilege access control logs.
• Create and manage Interconnection Security Agreements (ISA).
• Ensure JSIG compliance of applications within multiple accredited boundaries.
• Track vulnerabilities by creating Plan of Action and Milestones (POA&M).
• Manage the configuration and documentation in the program's instance of Enterprise Mission Assurance Support Services (eMASS).
• Maintain and manage continuous monitoring of DoD Security Technical Implementation Guide (STIG) compliance.
• Enforce continuous monitoring strategies using tools such as Splunk, Oracle Cloud Control, ACAS reports, and scripts for database/application user/privilege review.
• Conduct code reviews for database and application development and configuration management activities.
• Analyze events or test results and prepare POA&Ms.
• Establish and satisfy information assurance and security requirements based on user, policy, regulatory, and resource demands.

Requirements:

• Per contract requirements candidates must possess an active TS/SCI clearance with the ability to obtain CI Poly.
• Bachelor's degree in a relevant field (e.g., Computer Science, Information Systems Management, Engineering) is required for this position. 4 years of relevant work experience may be considered in lieu of the degree requirement.
• Security+ certification or equivalent (DoD 8570) if no current IAM Level II certification.
• 8+ years of experience in cybersecurity or a related field, 2+ years of experience Windows/Linux, 2+ years of cybersecurity experience in the Department of Defense (DoD) or Intelligence community.
• 2+ years of experience as a Cyber or Security Analyst for federal information systems.
• 2+ years of experience with the Federal Risk and Authorization Management Program (FedRAMP).

Preferred Requirements:

• IAT level III certification (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH), or ability to obtain certification within six months of hiring.
• Experience with the Special Access Programs (SAPs) and Intelligence Community (IC).
• Knowledge and/or understanding of Joint Special Access Program Implementation Guide (JSIG)
• Strong familiarity with the Risk Management Framework (RMF), Federal Information Security Management Act (FISMA), and National Institute of Standards and Technology (NIST) FIPS 199/200 and Special Publications.
• Experience with the Federal Risk and Authorization Management Program (FedRAMP).