Ts/Sci Information System Security Officer (Isso)

Job Title: Information System Security Officer (ISSO)

Locations: Springfield, Virginia and St. Louis, Missouri

Security Clearance Required:TS/SCI

Skill Level 3 -SIOF

• Operate within cleared environments to perform Information Assurance specific activities for customer needs and timelines.
• Perform assessments of systems and networks within the networking environment or enclave and identify where those systems or networks deviate from acceptable configurations, enclave policy, or applicable Agency policies and guidelines.  Perform compliance audits (passive evaluation) and vulnerability assessments (active evaluation). 
• Develop Risk Management Framework (RMF) process operating procedures, policies, and related documentation.
• Perform duties per NIST SP 900-137, Continuous Monitoring, and audit for anomalous or malicious user activity.
• Periodically review audits of all systems and monitor corrective actions to ensure closure of all action items.
• Manage media, including handling and control, labeling, virus-scanning solutions, and data transfers between classification domains via manual and automated processes.
• Create and enforce strict program control processes to ensure risk mitigation, system accreditation, and certification attainment support.  Support will include process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research inspections, and periodic audits.

• Meet requirements for DoD 8570 IAT Level 1 Professional Certification.

• Meet requirements for or possess DoD 8570 IAT Level 2 Professional Certification.
• Demonstrated ability to conduct research and analysis for network and information system security principles and best practices.
• Knowledge of information security program management and project management principles and techniques.
• Familiarity with security violation mitigation measures and incident reporting actions.
• Proficiency in computer networking concepts and protocols and network security methodologies.
• Familiarity with host/network access control mechanisms.  Knowledge of cybersecurity principles to manage risks tied to use, processing, storage, and transmission of data.