Information System Security Officer

 

Description:

The Information System Security Officer (ISSO) serves as the principal advisor to the Information System Owner (ISO) and Information System Security Manager (ISSM) on all matters, technical and otherwise. The ISSO will perform a classified cyber security role supporting multiple programs with working knowledge of the Risk Management Framework (RMF).

ESSENTIAL JOB FUNCTIONS:
 

  • Maintains/recommends changes of the cybersecurity program to the ISSM.
    • Participates in the development and implementation of security procedures.
    • Works with ISSM to develop operational information systems security.
    • Leverages guidance pertinent to all applicable directives and publications.
  • Participates in the generation and maintenance of RMF documentation.
    • Plays an active role in monitoring a system and its environment of operation, including developing and updating the system artifacts, managing and controlling changes to the system, and assessing the security impact of those changes, in close coordination with the ISSM.
    • Reviews artifacts pertinent to an information system ensuring Authorization to Operate (ATO) compliance.
    • Coordinates with ISSM/CPSO on approval of external information systems.
    • Maintains, per individual system and its accreditation, a baseline of configuration, hardware, software, and firmware.
    • Maintains, updates, and executes information system continuous monitoring plan.
    • Ensures data ownership and responsibilities are established for each IS and specific requirements (e.g., accountability/access/special handling requirements) are enforced.
    • Ensures all users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities before granting access to the IS.
  • Maintains a working knowledge of system functions, security policies, technical security safeguards and operational security measures.
    • Ensures adherence to these information system security policies and procedures.
    • Ensures proper procedures are followed, per the Cyber Incident Response Plan, when information system security incidents are discovered.
    • Disseminates appropriate documentation to all applicable personnel.
  • Assists with development of an effective information system security education, training, and awareness program.
    • Ensures initial, annual and “as needed” training is accomplished and documented.
  • Prepares audit/event reports for ISSM review, highlighting any/all anomalies.
    • Ensures events captured are as outlined in applicable directives and publications.
  • Participates in scheduling periodic testing to evaluate the security posture of IS.
    • Coordinates with disinterested parties to employ various intrusion attacks.
    • Ensures all system security-related vulnerabilities are documented and ensures serious/unresolved violations are reported to the AO/DAO.
  • Ensures systems are operated, maintained, and disposed of according to the policies and procedures outlined in the security authorization package.
    • Advises users on the proper operation of a specific IS as outlined in its SCTM.
    • Assists SAs in the approved maintenance procedures as approved by the ATO.
    • Provides guidance, based on component classification, before purging and release.
  • Ensures system administrators (SA) monitor all available resources that provide warnings of system vulnerabilities or ongoing attacks.
    • Confirms domain/local policies are configured to meet regulatory requirements.
    • Monitors system backup and recovery processes to ensure security features and procedures can be properly restored and are functioning correctly.
  • Serves as member of the configuration change board (CCB).
    • Coordinates any configuration changes of a system with the ISSM prior to the change.
    • Assesses changes to the system/operational needs that could affect its accreditation.
    • Voting/veto member of the CCB for all systems.
  • Assists with coordination between Kratos Security and Defense and Government authorities regarding system security posture requirements.
  • Participates in information system security inspections, tests, and reviews.
  • Ensures ISSM understands inspection timelines, operational impacts, and results.
  • Serves as a member of the COMSEC Team.
  • The ISSO shall assume ISSM responsibilities in the absence of or if no ISSM is assigned.
    • Assists the ISSM in meeting their duties and responsibilities.
  • Interfaces with internal and external customers, program managers, IT, security staff, etc.
  • Maintains required DoDD 8570.01 IAM level II certifications.
    • Attends required technical and security training (e.g., operating system, networking, security management) relative to assigned duties.
  • Provides technical guidance as a non-voting member of the configuration change board.
  • Other duties may be assigned.

Organization Kratos Defense and Security Solutions
Industry Other Jobs Jobs
Occupational Category Information System Security Officer
Job Location California,USA
Shift Type Morning
Job Type Full Time
Gender No Preference
Career Level Intermediate
Experience 2 Years
Posted at 2026-06-09 7:00 pm
Expires on 2026-07-24