Information Systems Security Officer 3

Responsibilities

• Support a program, organization, system, or enclave's information assurance program. 
• Support proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies. 
• Maintain operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed. 
• Assist with managing security aspects of the information system and performing day-to-day security operations. 
• Evaluate security solutions to ensure they meet security requirements for processing classified information. 
• Perform vulnerability/risk assessment analysis to support security authorization. 
• Provide configuration management (CM) for information systems security software, hardware, and firmware. 
• Manage changes to the system and assess the security impact of those changes. 
• Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs).
• Support security authorization activities in compliance with the National Institute of Standards and Technology Risk Management Framework (NIST RMF).

Minimum Qualifications

• Ten (10) years of combined work-related experience in IT, cybersecurity or security authorization is required. 
• Experience in several areas is required: knowledge of current security tools, hardware/software security implementation, communication protocols, or encryption tools and techniques. 
• Familiarity with commercial security products, security authorization techniques, security incident management, and PKI and authorization services. 
• A bachelor's degree in Computer Science, Cyber Security or IT Engineering is required. 
• Four (4) additional years of work-related experience may be substituted for a bachelor's degree. 
• Required Certifications (one or more): CAP, CND, Cloud+, GSLC, Security+ CE, HCISPP

Required Capabilities

• Provide support to senior ISSOs for implementing and enforcing information systems security policies, standards, and methodologies
• Assist with the preparation and maintenance of documentation
• Assist in evaluating security solutions to ensure they meet security requirements for processing classified information.
• Assist with Configuration Management (CM) for information system security software, hardware, and firmware.
• Maintain records on workstations, servers, routers, firewalls, intelligent hubs, network switches, etc., including system upgrades.
• Propose, coordinate, and implement information systems security policies, standards, and methodologies.
• Develop and maintain documentation for Security Authorization by ODNI and DoD policies.
• Provide CM for security-relevant information system software, hardware, and firmware.
• Ensure compliance with the system security policy.
• Evaluate security solutions to ensure they meet security requirements for processing classified information.
• Maintain operational security posture for an information system or program
• Provide support to the Information System Security Manager (ISSM) for maintaining the appropriate operational Cybersecurity posture for a system, program, or enclave
• Develop and update the system security plan and other Cybersecurity documentation