Description:
The Information System Security Officer (ISSO) will be responsible for supporting our Classified Information System Cybersecurity/information Assurance Program. You will report to the Information System Security Manager (ISSM) on all aspects of classified information system security compliance.
Location: All work will be performed on-site in our Huntsville, AL office
Clearance
Primary Responsibilities
The ISSO's primary duties will consist of managing the day-to-day compliance of our classified information systems by:
- Auditing information systems to ensure compliance with security policies and procedures while reporting any discrepancies to the ISSM, P-ISSM, ISO or FSO.
- Assisting in the Risk Management Framework (RMF) authorization process by developing and maintaining artifacts for the IS Body of Evidence (BoE).
- Reviewing and approving Configuration Management (CM) requests, within delegated authority, for all related hardware, software, and security‑relevant functions, ensuring proper documentation and maintenance throughout the CCB approval process
- Assisting with sanitization and release of hardware in accordance with security policies or Authorizing Official (AO) guidance.
- Testing/evaluation and application of required technical security controls and periodic inspections of information systems
- Assessing and monitoring system compliance, auditing, security plan development and delivering information systems security education and awareness
- Investigating information system security violations and help prepare reports specifying corrective and preventative actions
- Conducting technical and administrative assessments
- Integrating new cybersecurity processes, procedures, and tools
- Support the creation, review and update of cybersecurity documentation and other technical writing
Basic Qualifications
- Bachelor's degree coupled with a minimum of four years' applicable, related experience; Associate with six years' or Master's and two years. Equivalent relevant experience and/or certifications may be considered in lieu of degree.
- Must possess CompTIA Security+ CE certification
- Currently hold active DoD Secret clearance with ability to obtain Top Secret.
Relevant Experience Considered
- Cybersecurity, systems security or hardening, Information Technology
- Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Guide (DAAG), National Industrial Security Program Operating Manual (NISPOM)
- Working with and/or supporting computer technologies (such as: databases, operating systems, computer network hardware, software programs, hardware troubleshooting or electronics)
- Physical security, Project or program management, office management, senior administration, or account management
- Security configurations across multiple operating systems in various environments, to include Windows, Linux, utilizing Active Directory/Group Policy, Delinea, etc. is required.
- Organization and self-motivation with excellent documentation skills and the ability to work with minimal supervision.
Preferred Qualifications
- Experience with IT (Windows, Linux) and/or security related certifications (CISSP, CISM, CISA, etc.) is preferred.
- Experience working in DoD classified operating and/or laboratory environments
- Experience with various information system security tools that address vulnerability analysis and mitigation. These may include SPLUNK, Trellix, SolarWinds, Tenable, SCAP, STIG Viewer.
- Familiarity with implementation of Government directives and policies derived from NIST, STIG, DoD, or other Government Regulatory compliance standards within a professional industry
- Experience in the execution of the Assessment & Authorization processes, as defined within the Risk Managed Framework (RMF), eMASS
- Experience providing technical security consultation for complex, cross-domain, heterogeneous classified networked environments in collaboration with internal/external Customers, Information Technology (IT)
- Familiarity with the execution and management of cyber incident response; preservation, containment, and eradication