Information Systems Security Officer (ISSO)

Overview --------

Astrion has an exciting opportunity coming up for an Information Systems Security Officer (ISSO) to join our team and support the 39th Information Operations Squadron (39 IOS) located at Hurlburt Field, FL. We are preparing to hire for Journeyman, Senior, and SME levels. We anticipate a start date in March/April 2026.

Cyber Operations Formal Training Support III (CyOFTS III) --------------------------------------------------------

CyOFTS III is a Cyber Schoolhouse program supporting delivery, development, and sustainment of cyber training across operationally relevant mission sets. The team supports instruction, curriculum and content development, training operations, and program execution at multiple Air Force and joint training locations.

Required Qualifications / Skills -------------------------------

• Active Top Secret clearance
• IAT/M Level II certification
• Education and Experience will depend on the labor category level
• Previous Information System Security experience is required

Responsibilities ----------------

Perform Information Systems Security Officer duties consistent with the labor category and required RMF experience. Support Risk Management Framework (RMF) activities consistent with the required experience timeframe.

Key Responsibilities --------------------

• Manage and perform records management for all Account Forms, including:
• Cybersecurity Awareness training for all students
• Authorized User Agreements and associated user forms for all networks required for duty at the 39 IOS
• System Authorization Access Requests
• Privileged User Agreements
• 8570/8140 validation
• Operating System Certification validation
• Associated user forms
• Maintain appointment letters for work roles, including:
• Program Managers
• ISSO
• Information Systems Security Manager (ISSM)
• Information Systems Security Engineer (ISSE)
• Systems Administrators
• Client Systems Technicians
• Cybersecurity Liaisons
• Perform wireless scanning throughout the facility to ensure no rogue activity, including:
• Reviewing vulnerability scans on all networks and responding to any vulnerabilities appropriately
• Conducting network audits on all networks
• Manage and update Management Internal Control Toolkit (MICT) checklists for assigned programs, including:
• Privileged User
• 17-1301 Computer Security (COMPUSEC)
• 17-101 Risk Management Framework (RMF)
• Inspect equipment prior to entry and exit of the facility and ensure entry and exit logs are accomplished, along with reviewing, updating, and enforcing Media Control policy, including:
• Issuing and tracking removable media
• Ensuring media sanitization
• Validate administrator accounts on all networks and respond to any discrepancies appropriately
• Review equipment purchase requests to ensure items are on approved products listings and meet requirements to enter the facilities
• Ensure cybersecurity marking and standards enforcement, including:
• Classification stickers and markings on all systems
• Bomb threat aids posted by all phones
• Combined Security Cards posted by all workstations
• Perform random bag and walkthrough inspections with the Security team and respond to incidents and assist with response and reporting
• Answer all TASKORDS/taskers by MAJCOM for action on owned networks, including:
• Vulnerability remediation and data calls
• Review, update, and enforce the Security Concept of Operations (SECONOPS) and contingency plan policy
• Maintain Risk Management Framework (RMF) packages for all networks owned/operated by the 39 IOS, including:
• Answering data calls
• Preparing system package
• Categorizing system by guiding documents
• Selecting security controls for risk mitigation
• Implementing security controls
• Assessing security control effectiveness
• Monitoring system and updating accreditation package
• Security Impact Analysis (SIA) submissions for tenants requesting changes and install of new software
• Responding to and coordinating requirements for accreditation package not owned by the squadron
• Order, issue, manage, and account for all tokens granting access to networks, as well as auditing and inventorying issuance of student user tokens
• Perform COMPUSEC and Information Security (INFOSEC) duties and manage the Cybersecurity Liaison program for the squadron under the direction of the Wing Cybersecurity Office
• Support functions aligned to DCWF work roles (Information Systems Security Manager; Security Control Assessor; Cyber Defense Incident Responder) as applicable
• Maintain and apply required IAT/M Level II certification within the scope of assigned duties