Information Systems Security Officer (ISSO)
The ISSO will be responsible for all accreditation, documentation and security requirements for a Geospatial development project. The ISSO will perform testing, analysis and correct action to ensure system accreditation under RMF.
Duties and responsibilities include:
• Performing risk assessment analysis to support Assessment and Authorization (A&A)
• Preparing and reviewing A&A documentation
• Perform Information Systems Security Engineer (ISSE) functions and role to bridge the gap between high level security policies/requirements and technical/operational implementation of requirements
• Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions
• Apply full range of Information Assurance (IA) policies, principals and techniques to maintain security integrity of information systems processing classified information
• Prepare System Security Plans (SSP) in accordance with the applicative governing directive for systems, and ensure all networks are in maintained according to their respective SSPs.
• Perform vulnerability assessments and remediation
• Assists engineering team with requirements, system hardening, testing and evaluation to ensure that A&A requirements are met.
• Secret Clearance required, TS/SCI Preferred
• BA/BS and 8 or more years of experience as an ISSO
• Must Meet IAT Level 2 or higher
• Two years or more experience with the Risk Management Framework (RMF) as applied within the Intelligence Community (IC) and/or Department of Defense (DoD) communities
• General knowledge of NIST SP 800-37, and NIST SP 800-53.
• Technical writing skills
• Experience with Microsoft WSUS, McAfee EPO, HBSS, SIEMs, and Windows OS Hardening.