Information Systems Security Officer (ISSO)
Systems & Technology Research (STR) is a privately-owned, rapidly growing business focused on research and development (R&D) for the defense and intelligence communities. STR has a position available for an Information Systems Security Officer (ISSO) with a current Top-Secret clearance. The ISSO is responsible for ensuring that an appropriate operational security posture is maintained for information system(s) and, as such, works in close collaboration with the Information Systems Security Manager, System Administrators, and Engineering staff.
- Provide ISSO support to classified computers in a DoD computing environment.
- Assist with the preparation and maintenance of security Assessment and Authorization documentation (e.g., SSP, MSSP, RAR, SCTM).
- Maintain day-to-day security posture and continuous monitoring of assigned information systems.
- Ensure audit records and event logs are collected, reviewed, and documented (to include any anomalies).
- Work with program personnel, including System Administrators, to ensure audit functions are operating properly.
- Ensure system security measures comply with applicable government policies, provide configuration management, and accurately assess the impact of modifications and vulnerabilities for each system.
- Maintain a thorough understanding of NIST 800-53 controls, determine the controls applicable to the application, and document their implementation in the Security Controls Traceability Matrix (SCTM).
- Provide support to the ISSM for maintaining an appropriate operational information assurance (IA) posture for programs.
- Conduct reviews and technical inspections (as prescribed by the IA Manager and ISSM) to identify and mitigate potential security weaknesses and ensure that all security features applied to a system are implemented and functional.
- Assist the ISSM in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities.
- Active TOP SECRET security clearance or ability to obtain one.
- Two (2) to three (3) years of experience as an ISSO implementing and maintaining the following information system requirements: NISPOM Chapter 8, DCSA Assessment and Authorization Process Manual (DAAPM), Risk Management Framework (RMF), and/or Joint Special Access Program (SAP) Implementation Guide (JSIG).
- DoD Directive 8570.1 IA certification (Security+, CISSP, etc.) or ability to obtain within 6 months of being hired.
- Experience with Windows/Linux or similar operating environments.
- Excellent communication skills (written & oral).
- Customer-focused, with excellent time management skills.
- Experience with the Enterprise Mission Assurance Support Service (eMASS) accreditation and authorization database.
- Previous security experience working in an SAP/SCI environment.
- Familiarity with conducting vulnerability/compliance scans (Nessus, SCAP, etc.) and performing remediation.
- Ability to conduct information system user briefings.
- Utilize forward thinking to anticipate customer/government changes and challenges.
- Bachelor’s degree in a field such as, but not limited to: Information Technology, Information Assurance, Computer Information Systems, or Criminal Justice.