Information Systems Security Officer (ISSO)

Information Systems Security Officer (ISSO)

LOCATION: Eglin AFB, FL

JOB STATUS: Full-time

CLEARANCE: Active Secret

CERTIFICATION: CompTIA Security+ or better

TRAVEL: <10%

Astrion has an exciting opportunity for an SE-3 Information Systems Security Officerlocated at the 46TS/TGBB, Eglin AFB, FL.

This position provides support to the 46 Test Squadron - Sensors and Defensive Systems Flight at Eglin AFB. Working with the Information Systems Security Manager (ISSM), you will support Assessment and Authorization (A&A) activities for systems used by test engineers and data analysts. Key responsibilities include developing and maintaining security documentation (e.g., System Security Plans, Security Control Assessments, POA&Ms) to obtain and maintain system authorizations, defining information security requirements for new and existing systems, and assisting in the implementation and enforcement of security policies and standards.

REQUIRED QUALIFICATIONS / SKILLS

• Bachelor's Degree in a technical field and 3 - 10 years of relevant experience.  Additional relevant experience may substituted for education.
• An active Secret security clearance eligibility, and the ability to obtain and maintain a Top-Secret SCI security clearance and SAP program access and will be required to handle and safeguard sensitive and/or classified information in accordance with regulations to reduce potential compromise.
• U.S. Citizenship is required for all applicants.
• Past DoD cybersecurity experience is required.
• Background in Special Access Programs (SAP) Cybersecurity with demonstrated expertise with on-prem and cloud-based networks.
• Understanding of the Risk Management Framework (RMF) lifecycle for DoW systems in a SAP environment, specifically experience in NIST 800-53 security controls and the Joint Special Access Program Implementation Guide (JSIG).
• Knowledge of and experience designing, developing, and managing IT and cyber systems with the ability to evaluate emerging technologies and integrate them into existing architectures.
• Knowledge of and experience planning, organizing, and directing IT activities which comply with legal, regulatory, and AF/DoW-directed requirements and meet mission and customer needs.
• Ability to plan, organize, and lead others in studies or projects and to implement recommendations which may require substantial resources and/or require extensive procedural changes.
• Strong project management skills with meticulous record keeping.
• Ability to communicate effectively both orally and in writing.
• Ability to negotiate complex issues and maintain good working relationships.
• Experience with Security Technical Implementation Guide (STIG) assessments and Assured Compliance Assessment Solution (ACAS) scans.
• Experience with performing Security Impact Assessments (SIA) and vulnerability analysis on system changes as a part of Configuration Management (CM)..
• Experience in managing and responding to security incidents, supporting audits and investigations.
• Experience with system and network designs that incorporate diverse computer and network devices with varying data protection/classification requirements.
• Strong analytical skills in performing vulnerability/risk assessment analysis to support authorization and accreditation processes.
• Experience with preparation and reviewing comprehensive security documentation, including System Security Plans (SSPs), Risk Assessment Reports, Plan of Action and Milestones (POA&M), network hardware and software baselines, and Authorization To Operate (ATO) packages.

PREFERRED QUALIFICATIONS / SKILLS

• Prior use of Security Compliance Checker.
• Experience in performing security audits on systems and enclaves.
• Experience assessing Windows and Linux operating systems, virtual systems, network devices, databases, and web applications.
• Experience in performing Air Force software and application certification assessments.
• Highly recommend intermediate CompTIA certs like Cybersecurity Analyst (CySA+) / SecurityX (CASP+); GIAC certs like GIAC Certified SOC Analyst (GCSA) / GIAC Certified Incident Handler (GCIH) / GIAC Certified Intrusion Analyst (GCIA); ISC2 certs like Systems Security Certified Practitioner (SSCP) / Certified Cloud Security Professional (CCSP).

   

 RESPONSIBILITIES

• Risk Management Framework (RMF) and System Authorization: Lead and implement the full lifecycle of the Assessment and Authorization (A&A) process for classified information systems, ensuring compliance with government frameworks and other relevant directives.
• Security Control Implementation and Assessment: Implement, assess, and monitor security controls to safeguard classified networks and information.
• Vulnerability Management and Mitigation: Perform regular vulnerability and risk assessments to identify and prioritize threats and create POA&Ms to address them.
• Performs Security Technical Implementation Guide (STIG) assessments and Assured Compliance Assessment Solution (ACAS) scans as required.
• Applies Secure Technical Implementation Guide (STIG) best practices to a wide range of information systems, networking equipment, and software.
• Incident Response and Reporting: Act as a key player in incident response activities, including investigation and reporting.
• Configuration Management and System Integrity: Provide configuration management for all security-related software, hardware, and firmware. Ensures system changes are conducted in accordance with security policy and procedures.
• Security Documentation and Compliance: Prepare, review, and maintain all security documentation, ensuring they are current and accessible. In coordination with the ISSM, develop system-level security procedures that are consistent with cybersecurity policies. Prepares and reviews comprehensive security documentation, including System Security Plans (SSPs), Risk Assessment Reports, Plan of Action and Milestones (POA&M), network hardware and software baselines, and Authorization To Operate (ATO) packages.
• Security Awareness and Training: Develop and provide security-related training to all personnel with access to classified systems, ensuring they are aware of their responsibilities and the latest security procedures. You will promote a culture of security awareness to minimize violations.
• Liaison and Communication: Serve as a primary point of contact and interface with government customers, suppliers, and internal company personnel to implement protective mechanisms and ensure compliance with all cybersecurity requirements.
• Performs other cyber security tasks as assigned.
• Oversee system and network designs that incorporate diverse computer and network devices with varying data protection/classification requirements.
• Interfaces with government customers and approving authorities across the DoD in an information security role.