Overview: Seeking experienced Information System Security Officer (ISSO) to support the A&A team with performing Security Impact Assessment on all Information Systems and software being introduced to the network.
Roles and Responsibilities:
Manage multiple System Impact Assessments assigned to the team through various projects, working directly with the system owners and the Project Managers to ensure the software or systems have gone through all Information Assurance checks and the required documentation and artifacts have been completed and presented to the team.
Run and review ACAS scans and SCAP scans, and manually validate STIG checklists.
Analyze vulnerability scans, SCAP scans, and STIG checklists results to determine critical vulnerabilities that are still open and need to be remediated before approving the SIA.
Using analysis results, work with the system owners to determine if open vulnerabilities can be closed or mitigated, or if a POA&M needs to be submitted to give the system owner time to work on remediation efforts.
Identify impacts, take existing risk mitigation strategies into account, and work with the system POC to either close the vulnerability or mitigate it using known mitigation strategies.
Provide recommendations to system owners on remediation steps based on DoD and AF guidance and directives.
Review and update network diagrams, submit firewall change requests.
Complete security control validation and self-assessment of a system or network to address known threats and vulnerabilities.
Run pre- and post-MKRunTest software evaluation scans and analyze the results to determine if the software presents any new vulnerabilities that need to be remediated.
Create SIA memorandums and supporting documentation.
Create and maintain Standard Operating Procedures (SOPs) and Work Instructions (WIs).
Creation and tracking of Plans of Actions & Milestones (POA&Ms) for all System Impact Assessments through the lifecycle of the project.
Shift Hours: Day-Shift; core support hours are 0600-1800.
Basic Qualifications
Bachelor's degree in Information Security, Information Systems, or related discipline and 8+ years of direct experience; or Master's degree and 6+ years of experience. Additional relevant/specialized training and experience may be substituted in lieu of a degree.
Possess a current DoD 8570 compliant certification for IAT Level II, e.g. Security+ w/CE, prior to start.
Must hold active DoD Secret clearance or higher.
Experience with Nessus scanning and reading vulnerability details from the tool.
Understanding of and experience with validating Security Technical Implementation Guides (STIGs) for all products.
System administration background.
Strong written communication skills to coordinate issues and concerns with the team.
Experience with Command Cyber Readiness Inspection (CCRI) scoring.
Strong analytical and problem-solving skills.
Ability to work effectively independently as well as within a team environment.
Expert in evaluating security controls and compliance on a variety of hardware and software systems.