Information System Security Officer (ISSO)

Description

Leidos National Security Sector is seeking a talented Information System Security Officer (ISSO) to join a diverse team to create unique solutions for complex problems. In this role, you will be responsible for supporting our Classified Information System Cybersecurity/Information Assurance Program. You will report to the Information System Security Manager (ISSM) on all aspects of classified information system security compliance. Your work will be conducted on site at Robins AFB, GA.

Primary Responsibilities:

• Assessing and monitoring system compliance, auditing, security plan development and delivering information systems security education and awareness.
• Investigating information system security violations and help prepare reports specifying corrective and preventative actions.
• Conducting technical and administrative assessments.
• Analyzing systems security risks, analyzing findings, and recommending corrective actions to enhance security.
• Integrating new cybersecurity processes, procedures, and tools.
• Support the creation, review and update of cybersecurity documentation and other technical writing.
• The ISSO's primary duties will consist of managing the day-to-day compliance of our classified information systems.
• Auditing information systems to ensure compliance with security policies and procedures while reporting any discrepancies to the ISSM, ISO.
• Assisting in the Risk Management Framework (RMF) authorization process by developing and maintaining artifacts for the Body of Evidence (BoE).
• Reviewing and approving (within authority) Configuration Management (CM) requests of all associated hardware, software, and security relevant functions are maintained and documented as part of CAB / CCB approval process.
• Assisting with sanitization and release of hardware in accordance with security policies or Authorizing Official (AO) guidance.
• Testing/evaluation and application of required technical security controls and periodic inspections of information systems.

• Bachelor's Degree with 4+ years of experience or a Master's Degree with 2+ years of experience. Additional equivalent work experience may be considered in lieu of a degree.
• US Citizen with at least a Secret clearance.
• Must hold current Security+ or higher certification to be considered; must be able to maintain.
• Cybersecurity, systems security or hardening, Information Technology.
• Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM), National Industrial Security Program Operating Manual (NISPOM)
• Experience working with and/or supporting computer technologies (such as; databases, operating systems, computer network hardware, software programs, hardware troubleshooting or electronics).
• Physical security, project or program management, office management, senior administration, or account management.
• Experience with security configurations across multiple operating systems in various environments, to include Windows, Linux, UNIX, utilizing Active Directory/Group Policy, Centrify, etc. is required.
• Highly organized and self-motivated with excellent documentation skills and the ability to work with minimal supervision.

• TS/SCI Clearance
• Experience in performing IT work with Windows or Linux systems is preferred.
• Experience within the IC community
• Experience working in DoD classified operating environments is preferred.
• Experience with various information system security tools that address vulnerability analysis and mitigation. These may include ACAS, SolarWinds, Tenable, SCAP.
• Familiarity with implementation of Government directives and policies derived from NIST, STIG, DoD, or other Government Regulatory compliance standards within a professional industry.
• Experience in the execution of the Assessment & Authorization processes, as defined within the Risk Managed Framework (RMF).
• Experience providing technical security consultation for complex, cross-domain, diverse classified networked environments in collaboration with internal/external Customers, Information Technology (IT).
• Familiarity with the execution and management of cyber incident response; preservation, containment, and eradication.