Serve as an Information Systems Security Officer for the organization and lead security officer for systems as assigned by the CISO/ISSM.
Provide day-to-day system security operations to ensure that operational security is maintained for various Information Systems.
Perform security activities to include:
Development and assessment of security architectures.
Work with ISSM/CISO to determine security control alternatives
Conduct security controls and testing
Conduct security/supply chain/FOCI assessments of new software and tools
Conduct data transfer operations
Review network scans to determine abnormalities
Prepare technical documentation including the Systems Security Plan (SSP), Security Assessment Report (SAR), Risk Assessment Report (RAR), and Plan of Actions and Milestones (POA&M)
Create and maintain Certification and Authorization (C&A)/Assessment and Authorization (A&A) documentation: Software/Hardware Inventory, Network diagrams, INFOSEC Policies and Procedures, Contingency Plan, Incident Response Plan, and Configuration Management Plans
Assist with assessing Information Assurance long-term needs and acquisition requirements to accomplish mission objectives.
Implement information security standards and procedures.
Provide configuration management support for reviewing, coordinating, implementing, and enforcing information systems security changes to the infrastructure.
Evaluate security solutions to ensure they meet security requirements for processing classified information.
Conduct research and testing to ensure existing and evolving products/services meet current Office of the Director of National Intelligence (ODNI), DoD, and local authority’s security requirements as appropriate.
Advise management and stakeholders on security-related matters.
Ensure the operational security posture of assigned systems, take responsibility for the daily security operation of those systems, and advise partners on specific IT and security policy procedures.
Ensure that management, operational, and technical controls for securing Office are in place and are followed. This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.
Manage changes to the system and assess the security impact of those changes.
Prepare and review documentation to include System Security Plans, Risk Assessment Reports, Assessment and Authorization packages, and System Requirements Traceability Matrices.
Ensure a strong customer focus.
Respond to security incidents, and report incidents to the appropriate authorities.
Perform equipment decommissioning and sanitization.
Facilitate the movement of Personal Electronic Devices (PEDs) into and out of the SCIF as required. Ensure that all PEDs have been disabled prior to SCIF entry.
Review existing legacy and info-share repositories and update as needed
Primary Skills Required:
Possesses 5 years of professional experience (with a Bachelor’s Degree) in the areas of information assurance, accreditation and authorization (A&A) of systems (formerly referred to as certification and authorization – C&A).
Preferred technical experience: effectively providing network and/or system administration and/or computer operations.
Experience proactively providing system security support IAW ICD 503 / Risk Management Framework (RMF).
Candidates must have the following experience and knowledge:
Knowledge of the DoD, IC, or national level system security initiatives and classified programs and infrastructures.
Possess effective interpersonal and presentation skills as he/she operates in a client-facing role.
Possess experience with NIST 800 publications standards.
Possess knowledge of how to use the NVD and NIAP portals to review software or hardware vulnerabilities.
Knowledge of ACAS (Nessus/Tenable).
Experience reporting IT Security events/incidents in the time prescribed based on policies and procedures.
Primary Skills Desired:
Possesses experience supporting the Intelligence Community (IC) including one of the following:
Air Force Intelligence
Central Intelligence Agency
Coast Guard Intelligence
Defense Intelligence Agency
Department of Energy
Department of Homeland Security
Department of State
Department of the Treasury
Drug Enforcement Administration
Federal Bureau of Investigation
Marine Corps Intelligence
National Geospatial-Intelligence Agency
National Reconnaissance Office
National Security Agency
Office of the Director of National Intelligence
Experience with supporting the Joint Worldwide Intelligence System (JWICS).