ClearanceJobs
Information Systems Security Officer
ClearanceJobs, Grand Forks, North Dakota, United States, 58203
Information Systems Security Officer (ISSO)
Full-time, Onsite (Grand Forks, ND)
Relocation assistance is available for non-local candidates.
An active Top Secret security clearance is a must to apply!
ClearanceJobs is currently partnering with a rapidly growing aerospace company to assist in hiring an Information Systems Security Officer (ISSO) to facilitate A&A (Assessment & Authorization) efforts throughout mission systems’ RMF lifecycle on a full-time, permanent basis.
The ideal candidate will have experience working as an ISSO or in a security-relevant field and must be comfortable operating independently. The selected candidate will be able to speak directly with customers with little to no Information System Security Manager (ISSM) involvement and be the face of security for their selected boundaries.
REQUIRED QUALIFICATIONS
Experience developing and documenting DoD Assessment and Authorization documentation
Knowledge of CNSSI 1253, NIST 800 Series (primarily 800-53, 800-53A, 800-171), RMF
2-5+ years of IA/Cyber Security experience
Bachelor’s degree or higher in Computer Science or Security
Security+/CISM certification or equivalent
Experience with DCSA tools such as eMASS, STIGs and SCAP
PREFERRED QUALIFICATIONS
Well versed with RMF package creation and maintenance artifacts to support A&A decision
Experience using DISA Security Technical Implementation Guides (STIGs), Security Requirements Guide (SRGs) and Security Content Automation Protocol (SCAP) to audit and securely configure network-enabled devices
Fundamental knowledge of DISA Enterprise Mission Assurance Support Service (eMASS)
Proficient with vulnerability tools and audit review tools which include audit log analysis and report generation (Nessus and Splunk experience preferred)
Experience conducting risk analysis on products and system components through review of CVEs, plugins, CWEs
Experience in conducting software due diligence with COTS and GOTS solutions
Strong communication and documentation skills
Flexible and able to adapt to a rapidly changing environment
Positive, self-motivated individual who can complete tasks independently
Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
RESPONSIBILITIES
Lead support for multiple RMF accreditation efforts and perform tasks that include determining DoD requirements, hardware/software configuration management (to include baseline configuration), risk assessments/vulnerability assessments, testing and documenting security controls, and ensuring overall compliance with DoD Cybersecurity policies.
Oversee day-to-day operations required to perform RMF
Manage tasks and create deadlines to meet security requirements
Be forward facing for customer interactions which will translate into system requirements
Spearhead building RMF packages within eMASS and perform continuous monitoring for the full duration of the information system lifecycle
Implement the Risk Management Framework (RMF) process throughout the entire A&A lifecycle of the system(s) or multiple ATOs across different locations, supporting all efforts pre and post Authority to Operate (ATO) determination
Assist the ISSM in meeting their duties to support A&A activities and coordinate with the system’s Security Controls Assessor (SCA) and Authorizing Official (AO)
Perform and review technical security assessments of the system(s) to identify points of vulnerability, non-compliance with established cybersecurity standards and regulations, and recommend mitigation strategies to maintain operational security posture for the boundary systems
Conduct risk analyses from vulnerability, compliance scans, penetration testing results, and/or other audit activities
Create and maintain Plan of Action and Milestones (POA&Ms), System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), Standard Operating Procedures (SOPs), Configuration Management Plans, Contingency Plans and Test Result/Security Impact Analyses
Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media
Conduct continuous monitoring (ConMon) activities for applicable authorization boundaries
Apply Security Technical Implementation Guides (STIGs) to required components of the information systems and keep their application up to date
Maintain inventory and asset configuration to include change management documentation
Lead system-level change requests through formalized Configuration Control Boards (CCBs)
Ensure that the appropriate operational security posture is maintained for the information system, working in close collaboration with the information system owner and the ISSM
Notify ISSM when changes occur that might affect the authorization determination of the information system(s)
Experience in advising System Administrators and Network Administrators to remediate system deficiencies
Report all security-related concerns and incidents to the ISSM
Able to handle security concerns in lieu of the ISSM and advise on them IAW system procedures
BENEFITS
In addition to compensation, a comprehensive benefits package is offered, including medical, dental, and vision insurance along with PTO and a 401K.