

Information Systems Security Officer (ISSO) [2021-169]

CMSS (CCS)

Assesses and mitigates system security threats and risks throughout the program life cycle. Performs system assessment and authorization planning, testing, and validation activities in coordination with government customers. Supports secure systems operations and maintenance. Conducts internal information technology system audits and risk assessments and reports findings and recommendations for corrective actions to management. Executes first level responses and addresses reported or detected incidents. Investigates and analyzes all response activities related to cyber incidents. Interprets, analyzes, and reports all events and anomalies in accordance with directives, to include initiating, responding, and reporting discovered events. Safeguards information against unauthorized use, infiltration, exfiltration, modification, destruction or disclosure of national security information.

Essential Functions:

• Intermediate professional with practical knowledge of job area. Works under moderate supervision to set objectives for own job area. Communicates with contacts inside and outside own team to explain and interpret operational processes, practices, and procedures. Identifies and addresses changes within own job area. Works to achieve operational targets with some impact on departmental results.

• Works under moderate supervision. Works independently on larger, moderately complex projects or assignments. Sets objectives for own job area to meet the goals of projects and assignments. May provide guidance and assistance to entry level professionals and/or support level employees.

• Works to achieve operational targets within job area with some impact on department results. Contributes to the completion of milestones associated with specific projects.

• Communicates with contacts within and outside of own team which may include customers or vendors. Explains and interprets operational processes, practices and procedures of the job area to others within the organization.

• Work consists of making basic adjustments to systems and processes to solve problems. Identifies, defines and addresses general problems that are typically within the immediate job area. Problems are typically solved through drawing from prior experiences or standard procedures and basic analysis.

• Responsible for analyzing and/or administering security controls for information systems.

• Safeguards the network against unauthorized infiltration, modification, destruction or disclosure.

• Researches, evaluates, tests, recommends, communicates and implements new security software or devices.

• Implements, enforces, communicates and develops security policies or plans for data, software applications, hardware, and telecommunications.

• Provide details for developing Information System Security (ISS) Risk Management Framework (RMF) documentation (SSP, SAR, RAR, SAP, SCTM, POA&M, etc.) to support the Assessment & Authorization (A&A) of assigned systems.

• Performs ISS controls assessments as part of the systems’ Continuous Monitoring Plan.

• Oversees configuration management of assigned systems.

• Performs periodic hardware/software inventory assessments.

• Identifies system security controls shortcomings and annotates POA&M entries for deficient items, playing a vital role with remediating control deficiencies.

• Assists with documenting annual ISS Self Assessments.

Required Skills:

• Works under moderate supervision to set objectives for work environment.

• Communicates with contacts inside and outside own team to explain and interpret operational processes, best practices, and procedures.

• Work individually and as part of a team in a diverse, rapidly changing environment.

• Security + (CE) or equivalent (DoD 8570.01-M).

• 3+ years of experience as an ISSO (or equivalent position) overseeing cybersecurity on classified and/or unclassified systems under NISPOM Chapter 8, NIST 800-53 and/or NIST 800-171.

• Practical experience running security compliance scans and interpreting vulnerability scanning results (Nessus, SCAP).

• Experience completing DISA Security Technical Implementation Guidelines (STIG) checklists.

• Experience with Linux/Unix Information System Security requirements to include archiving audit log data.


• Requires practical knowledge of job area typically obtained through advanced education combined with experience: Bachelor Degree and a minimum of 2 years of prior related experience or 2 years post-Secondary/Associate Degree and a minimum of 6 years of prior related experience. Graduate Degree or equivalent with 0 to 2 years of prior related experience.

2-6+ depending on degree

Colorado Springs, CO

Top Secret/SCI

Immediate

TBD

U.S. Citizenship Required. An Equal Employment Opportunity employer. Please visit Equal Employment Opportunity link below for further information.
Equal Employment Opportunity Information



