Journeyman ISSE [2021-73]

STS-03 Enterprise Corps Task Order 02

a. Integrate information security requirements into the acquisition process; using applicable

baseline security controls; ensuring a robust software quality control process; and

establishing multiple sources

b. Assess RMF artifacts and identify errors, omissions, and inaccuracies

c. Identify critical infrastructure systems with information communication

d. Conduct, review, and assess the results of security audits and A&A packages

e. Develop and deliver requirements documentation

f. Analyze, collate, organize, report on, respond to, and develop solutions to threats, risks,

and exposures of DoD networks

g. Communicate complex technical and programmatic information, concepts, or ideas in a

confident and well-organized manner

h. Ability to coordinate Project Team meetings

i. Demonstrate understanding and implementation of risk analysis, generating risk reports,

and providing recommendations for risk mitigation

j. Understanding of current DoD Acquisition Policy

Additional Knowledge Includes:

a. Computer networking concepts, protocols, and security methodologies

b. Risk management processes (e.g., methods for assessing and mitigating risk)

c. Cybersecurity threats and vulnerabilities

d. Data backup and recovery

e. Business continuity and disaster recovery continuity of operations plans

f. Host and network access control mechanisms

g. Cybersecurity best practices used to manage risks related to the use, processing, storage,

and transmission of information or data

h. RMF requirements

i. Current industry methods for evaluating, implementing, and disseminating IT security

assessment, monitoring, detection, and remediation tools and procedures utilizing

standards-based concepts and capabilities

j. Network traffic analysis methods

k. System and application security threats and vulnerabilities

l. Server administration and systems engineering theories, concepts, and methods

m. System life cycle management principles, including software security and usability

n. Information security program management and project management principles and


o. Current and emerging threats or threat vectors

p. System administration, network, and operating system hardening techniques

q. Personally Identifiable Information (PII) data security standards

r. Laws, policies, procedures, or governance relevant to cybersecurity for critical


Required Skills:

Using the DoD’s cybersecurity / RMF management system, currently eMASS, Exacta,


b. Creating policies that reflect system security objectives

c. Determining how a security system should work, including its resilience/dependability

capabilities, how changes in conditions, operations, or the environment will affect these


d. Identifying measures or indicators of system performance and the actions needed to

improve or correct performance

e. Utilizing Microsoft Office applications

f. Using Microsoft Windows operating system

g. Using any Unix/Linux derived operating system

h. Identifying trends and patterns in reported compromises and in identifying additional

compromises as a part of the same set

i. Engineering/designing logical and physical network/IS solutions

j. Installing/deploying Information Systems (IS) in Data Centers

k. Using enterprise

BA/BS Degree or Above

3-10 years

Colorado Springs, CO




U.S. Citizenship Required. An Equal Employment Opportunity employer. Please visit Equal Employment Opportunity link below for further information.
Equal Employment Opportunity Information