• Develop system security documentation in support of authorization and continuous monitoring under the DoD Risk Management Framework (RMF)
• Coordinate with DAOs Data Owners, SAs and devs for Security relevant changes to SSPs
• Monitor/maintain SSPs for hardware and software changes
• Participate in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access
• Ensures systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the System Security Plan
• Ensures that all system users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities before granting access
• Research and report on CSIRs
• Review audit events for information systems and address events/incidents that occur with stakeholders
• Ensures all information system security-related documentation is current and accessible to properly authorized individuals
• Maintains records, outlining required patches/system upgrades that have been accomplished throughout the information system’s life cycle
• Update Biscotti by coordinating with SAs and reporting IAVA status
• Create and maintain Plan of Action and Milestones (POAM) as required
• Ensures that all systems/network are compliant and in scope of current accreditation
• Coordinate Nessus or CyborgBunny scans as required
• Evaluates proposed changes or additions to the information system, and advises the Information Systems Security Manager (ISSM) of their security relevance
• Participate in internal / external security audits/inspections
• Directs program system administrators on security matters
• BA/BS Degree in a technical discipline related to the experience requirements as stated herein (such as: Systems Engineering, Computer Science, Electrical Engineering, Information Systems).
• Minimum twelve (12) years experience in a technical role in projects and programs for Government or Industry customers. In lieu of a degree, an additional 6 years of relevant experience can be substituted. AND/OR up to 3 active/relevant certifications can be substituted for 1 year of experience each.
• Five (5) years experience as a Systems Engineer in programs that encompass system architecture, requirements analysis, process execution and evaluation.
• At least three (3) years direct experience with an intelligence community or signals intelligence activity.
• Experience in the following: Solaris and Linux; Solaris, Linux, and Windows utilities and techniques to diagnose and correct performance bottlenecks.
• Significant experience in the following: Designing complex collection systems; Integrating systems using multiple operating systems (Solaris, Linux, Windows 2000); Performing tradeoff studies; and/or System performance analysis.
• DESIRED: Experience providing leadership for system engineering of large-scale systems, major system elements, and/or interfacing systems.
• DESIRED: Experience in Agile development methodology
In addition to the basic qualifications the ISSO must have the following:
• Thorough understanding of the RMF process (Risk Management Framework)
•Hands-on linux experience
• Highly Experienced with XACTA, LatteArt, Biscotti & SEAR
• Working knowledge of DoDI 8500.2 “Information Assurance”
• Thorough understanding of NIST 800-53, NIST 800-37, DCID 6/3, and the NISPOM
• Experienced with government accreditation requirements under DITSCAP and DIACAP
• Familiar with Nessus or CyborgBunny
• Experience in evaluating, testing, certification and accreditation of classified and sensitive but unclassified information systems
• Experienced with analysis and evaluation of hardware and software in support of the Intelligence Community (IC)
• Able to apply current computer security technologies and IA requirements to maintain system security posture
• Responsible for maintaining and enforcing approved security policies, standards and guidelines
|Job Category||ISSO/ISSE, IT Security|
|Clearance Level Required||TS/SCI with Polygraph|
|Years of Experience Requried||12|