Performs senior level ISSO duties under the guidance of the Information System Security Manager (ISSM) on assigned government-authorized systems. Leads and reviews the monitoring of systems and operations to include developing and maintaining the System Security Plan (SSP) and Security Controls Traceability Matrix (SCTM), manages and controls changes to the system/enclave, and generates artifacts that support the Risk Management Framework (RMF) process.
Additional responsibilities include: authoring and maintaining documentation supporting the Assessment & Authorization (A&A) of assigned systems in accordance with the RMF under the JSIG and NISPOM; performing security control assessments as part of the systems' continuous monitoring plan; overseeing configuration management of assigned systems; works with IT organization to develop device and system hardening guides following DISA and NIST guidelines; continuously review and evaluate best practices for implementing a comprehensive audit program; auditing systems to ensure security posture integrity; conducting periodic hardware/software inventory assessments; identifying system security controls shortcomings and developing POA&Ms; remediate control deficiencies; conducts, documents and reports annual self-assessments; maintaining operational information security posture for a system, program, or enclave; investigating security incidents such as data spills, data integrity and malicious events; ensures all systems and information is disposed of in accordance with internal security policies and practices; authoring and delivering security education training to range of audience levels; responsible for security monitoring and auditing using COTS product (i.e. Nessus, SPLUNK, Purfile, etc.) and industry best practices; and conduct continuous monitoring and periodic self-inspections of facility and computer systems to ensure compliance with accreditation/certification of approved systems.
Qualifications:Bachelor's degree from an accredited college in a related disciplineMinimum Security+CE requiredMust have a Top Secret security clearance with the ability to get SCI5+ years' experience as an ISSO overseeing or managing cybersecurity on classified systems under, JSIG, NISPOM Ch8, ICD 503, and/or NIST 800-53Extensive experience with RMFExperience developing, managing, providing evidence to close POA&Ms associated with the A&A and project management processesAble to work individually as well as part of a teamSolid time management skillsExperience with Microsoft operating systemsExperience interpreting vulnerability scanning results (Nessus, Retina)Exceptional verbal, written, interpersonal and presentation skills, customer relationship building skills, analytical skills and ability to lead/mentor teammatesHigh level of personal motivation and initiative to learn and acquire new skills
Preferred:Linux, UNIX, Solaris and Windows experienceCISSP, CISA, CISM, CEH or GSLC certificationMicrosoft's Certified Systems Engineer (MCSE), with security focusAdoption of JIRA, Agile and SCRUM processesFlexibility to adjust to changing requirements, schedules, and prioritiesExperience working in a military environmentAble to socialize ideas, make recommendations, and gain team consensusAn Active CI polygraph and/or Full Scope Poly