Information System Security Officer II (Duluth)

At&T Columbia , MD 21044

Posted 2 months ago

The Information System Security Officer II provides support for a program, organization, system, or enclave's information assurance program. Provides support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies. Maintains operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed. Assists with the management of security aspects of the information system and performs day-to-day security operations of the system. Evaluate security solutions to ensure they meet security requirements for processing classified information. Performs vulnerability/risk assessment analysis to support certification and accreditation. Provides configuration management (CM) for information system security software, hardware, and firmware. Manages changes to system and assesses the security impact of those changes. Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Assessment & Authorization (A&A) packages, and System Controls Traceability Matrices (SCTMs). Supports security authorization activities in compliance with the NIST Risk Management Framework (RMF) and any DoD and IC tailored requirements.

Key tasks include:

  • Plan and coordinate the IT security programs and policies.

  • Manage and control changes to the system and assessing the security impact of those changes.

  • Obtain A&A for ISs under their purview.

  • Provide support for a program, organization, system, or enclave's IA program.

  • Serve as the Approval Authority to validate or approve user authorization for accounts associated with systems under their control.

  • Understand the authorization boundary of systems.

  • Collaboration with System and Network administrators to understand and document data flow and architecture diagrams.

  • Knowledge of security controls, the assessment and applicability to systems.

  • Maintain operational baseline of systems under their purview.

  • Provide ongoing Continuous Monitoring to assigned systems.

  • Provide and validate the operational security posture of systems and ensure they are maintained.

  • Ability to initiate the reauthorization process of a system that needs reaccreditation.

  • Ability to decommission a system when it is no longer required.

  • Manage risks while assigned system is in operation.

  • Ability to acknowledge and respond to IAVAs and create liens as necessary.

  • Ability to understand the POA&M process as well as track and closeout any outstanding liens.

  • Perform, coordinate and document security relevant changes.

  • Perform vulnerability assessments to ensure updates and system baseline are enforced.

  • Recognize a possible security violation and take appropriate action to report the incident.

  • Manage protective or corrective measure when an IA incident or vulnerability is discovered.

  • Provide security and awareness oversight and/or training as required.

  • Review of audit reduction tools to monitor and review systems for compliance with IA policy.

  • Excellent written and verbal communication skills.

  • Excellent leadership and teamwork skills.

  • Results oriented, high energy, self-motivated.

  • Candidate may be required to respond to after-hours requests as required in a 24 x 7 environment.

Required Skills, Experience, and Education: Ten (10) years' experience as an ISSO on programs and contracts of similar scope, type, and complexity is required. Experience is to include at least two (2) of the following areas: knowledge of current security tools, hardware/software security implementation; communication protocols; and encryption techniques/tools. Bachelor's degree in Computer Science or related discipline from an accredited college or university is required. DoD 8570 compliance with Information Assurance Management (IAM) Level I or higher is required. Four (4) years of additional experience as an ISSO may be substituted for a bachelor's degree.

Required Certification: Any of the following or higher certification; Security+ with Continuing Education, Certification Authorization Professional (CAP) or Global Information Assurance Certification Security Leadership Certificate (GSLC).

Required Clearance: TSSCI with Polygraph.

Job ID 1940244 Date posted 09/03/2019


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Information System Security Officer (Isso)

Caci International Inc.

Posted 1 week ago

VIEW JOBS 9/8/2019 12:00:00 AM 2019-12-07T00:00 Job Description More About this Role: Duties and Responsibilities: * Responsible for providing information assurance support for digital information, ensuring its confidentiality, integrity, and availability. Responsibilities include the maintenance of authorization to operate IT systems, monitoring and testing of IT systems for vulnerabilities and prevention of compromise, support to incident response and remediation, implementation of appropriate policy, relevant user security awareness and training, and compliance with applicable government policies and directives. * Draft, prepare and maintain system security plans (e.g., SSP, RMF, IA SOP, SCTM) in accordance with the requirements of NISPOM, JAFAN 6/3 and ICD 503 for Assessment and Authorization (A&A). * Maintain day-to-day security posture and continuous monitoring of IS including security event log review and analysis. Ensure system security measures comply with applicable government policies. * Provide support to the Information System Owner for maintaining appropriate operation information assurance (IA) posture for programs. * Conduct reviews and technical inspections to identify and mitigate potential security weaknesses, and ensure that all security features applied to a system are implemented and functional * Monitor and resolve Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems * Assist with workstation design and install of new network systems * Travel to other company locations, customer sites or professional training in support of duties as necessary * Perform as Data Transfer Agent (DTA) for multiple networks. * Perform as a primary agent for Two-Person Accountability (TPA) controlled areas. * Support the FSO in managing operational and physical security at the facility, to include, SCIF open/close duties You'll Bring These Qualifications: * The candidate must possess a (in-scope) Top Secret clearance however employment is contingent upon the applicants ability to obtain and maintain a TS/SCI with FSPG * Education: BS/BA or equivalent work experience or * Experience: Minimum 5 years of related work experience or equivalent * Knowledge of Microsoft software applications * DOD 8570.1 Certified, Security+ required These Qualifications Would be Nice to Have: * Excellent verbal and written communication skills * Working knowledge of XACTA, OBMS, PKI tools * Understanding of NIST Risk Management Framework Desired Certifications: * Certified Information Systems Security Professional (CISSP) * Working knowledge of SAP A&A What We Can Offer You: * We've been named a Best Place to Work by the Washington Post. * Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. * We offer competitive benefits and learning and development opportunities. * We are mission-oriented and ever vigilant in aligning our solutions with the nation's highest priorities. * For over 55 years, the principles of CACI's unique, character-based culture have been the driving force behind our success. Job Location US-Columbia-MD-BALTIMORE CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities. Caci International Inc. Columbia MD

Information System Security Officer II (Duluth)

At&T