Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.
Must develop and implement documentation outlining system operating environment, to include the overall mission, floor layout, hardware configuration, software, type of information processed, user organizations and security clearances, operating mode, interconnections to other systems/networks of users, their security personnel, and associated responsibilities;
Assist in the development and maintenance of the overall system security document, the Information System Security Plan, which contains all necessary security procedures, instructions, operating plans, and guidance;
Participate in the development or revision of System-specific security safeguards and local operating procedures that are based on the above regulations;
Provide IT security consulting to system owners as to the other security documents, for example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans; and
Provide expertise in classified and unclassified ratings to customers.
Work closely with Certifiers to navigate the ICE Certification & Accreditation process and produce all appropriate accreditation documentation
Attend ISSO training course as required
Perform interpretations of monthly vulnerability scan results of assigned systems
Review system audit logs for anomalies and report and follow up on anomalies as required
Facilitate timely identification, communication and recommended resolution of security risks within assigned systems
The ISSO is the principal point of contact for information assurance activities at the IT system level. The ISSO is responsible for ensuring that management; operational and technical controls for securing either National Security Systems or SBU level IT Systems are in place and are followed. This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal. It is preferred that this person be a current Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or possess a similar security professional certification. Strong relevant experience and education can substitute for these certifications. Candidates must possess a Bachelor’s Degree and 2 years or 4 years of relevant IA experience with no degree. Must possess experience with NIST standards. Candidates must possess experience interpreting vulnerability scanning results.