Information Systems Security Officer

Location: MacDill AFB, FL
Date Posted: 09-10-2018
Duties:
  • The ISSO is responsible for ensuring the appropriate operational security posture is maintained for IS under their purview. This includes the following activities related to maintaining situational awareness and initiating actions to improve or restore cybersecurity posture.
  • Implement and enforce all AF cybersecurity policies, procedures, and countermeasures using the guidance within this instruction and applicable cybersecurity publications.
  • Ensure all users have the requisite security clearances and need-to-know, complete annual cybersecurity training, and are aware of their responsibilities before being granted access to the IT.
  • Maintain all authorized user access control documentation IAW the applicable AF Records Information Management System (AFRIMS).
  • Ensure software, hardware, and firmware comply with appropriate security configuration guidelines (e.g., Security Technical Implementation Guides (STIGs)/Security Requirement Guides (SRGs)).
  • Ensure proper configuration management procedures are followed prior to implementation and contingent upon necessary approval. Coordinate changes or modifications with the system-level ISSM and SCA.
  • Initiate protective or corrective measures, in coordination with the security manager, when a security incident or vulnerability is discovered.
  • Report security incidents or vulnerabilities to the system-level ISSM.
  • Analyze information assurance-related technical problems and provide engineering and technical support in solving these problems.
  • Perform vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
  • Provide technical support to the IA Cell to develop and maintain IA processes and procedures for computer network defense in-depth protection for the JCSE enterprise.
  • Track all implementation information for assurance directed guidelines for all hardware as well as applicable software ensuring proper security for the JCSE Enterprise. Provide tracking and summary reports based on findings to leadership. Implementation actions include but are not limited to STIGs, compliant patch implementation/management, Information Assurance Vulnerability Management (IAVM) compliance, integration/implementation of network or firewall approved devices, and reacting appropriately to cyber threats.
  • Produce monthly status reports of IA compliance for all portions of the JCSE Enterprise.
  • Run IA scans with appropriate and approved tools (e.g. Security Content Automation Protocol (SCAP), Assured Compliance Assessment Solution (ACAS), etc.) of all items as directed. Scans shall be run using the most recent security definitions of each tool.
  • The contractor shall maintain CCB-approved configurations consistent with DoD and JCSE policies and procedures.
  • Update, document, and maintain appropriate IA implementation actions in the Vulnerability Management System (VMS) database and any additional database archives mandated for use by JCSE.
  • Support and perform DoD Risk Management Framework in accordance with NIST 800-53 and NIST 800-53A for IA controls; 8570/8140 for IA Workforce training and DCID 6/3 for protection of sensitive compartmented information. This also includes the updates to the Risk Management Framework (RMF) package and all updated instructions which support the Assess and Authorize (A&A) process.
  • Interpret and communicate findings to the JNOC, IA cell and JCSE leadership on the impact of implementing IA hardware/software upgrades/modifications, policy, and directives on JCSE's Enterprise.
  • The contractor shall document and present operational systems/network computer network defense recommendations and issues to JCSE.


Qualifications:
  • 2 years with Associates Degree OR Five years direct work experience. Documented experience with Risk Management Framework (RMF). Knowledge of DISA STIG implementation, vulnerability scanning and mitigation. Documented experience with the following tools: ACAS, Nessus, SCAP compliant tools. Experience with the development of System Security Plans.
  • DoD 8570 IAM Level I Certification (e.g. CAP, GSLC, or Security+ CE)
  • Associate's Degree in Computer Science OR a relevant field


SECURITY CLEARANCE IS REQUIRED
 
AC4S is an Equal Opportunity Employer, including disabled and vets