Information Systems Security Officer - 0030

    • Chantilly, VA



Location Chantilly

Supporting

Full-Time/Part-Time -unspecified-

Number of Openings 5

Clearance

Description
The ISSO position is a senior level or subject matter expert (SME) information system security professional who provides advice and assistance to the Government regarding secure configuration and operation of NRO's IT assets. ISSOs apply extensive knowledge and experience of a variety of information system security concepts, practices, and procedures. ISSO duties include, but are not limited to the following:

  • Manage the day-to-day system security including physical and environmental protection, incident handling, and information system security training and awareness.
  • Maintain the system security plan (SSP), and other related documents, following NRO, IC, and DoD applicable policies, procedures, and templates.
  • Support initial risk analysis and present results to the Information System Owner and PSO.
  • Participate in assessment and integration, verification, and validation (IV&V) testing activities.
  • Assess the security impact of system changes, updating the SSP, managing and monitoring changes to the system, and disposal of the system in accordance with NRO, IC, and DoD security policies and practices, as outlined in the approved SSP.
  • Notify the ISSM, PSO, and Information System Owner when changes occur that may affect accreditation authorization, thus initiating the re-certification/re-accreditation process.
  • Ensure all IS security-related documentation is current and accessible to properly authorized individuals.
  • Maintain and update IT asset records in NRO XACTA Assessment Engine on behalf of the Information System Owner.
  • Process information systems access requests, ensuring all users have the requisite SCI security clearances, authorization, need-to-know, and are aware of their security responsibilities before granting access to the IS.
  • Initiate, with the approval of the ISSM, protective or corrective measures when a security incident or vulnerability is discovered.
  • Ensure configuration management (CM) for the security relevant IS software, hardware, and firmware is maintained and documented. If a CM board exists, the ISSO may support the CM board if so designated by the ISSM.
  • Ensure system recovery processes are monitored to ensure that security features and procedures are properly restored.
  • Ensure system security requirements are addressed during all phases of the system life cycle.
  • Ensure that NRO security systems comply with appropriate assessment and authorization standards.
  • Responsible for controlling, labeling, virus scanning, and appropriately transferring data (uploading/downloading) between various NRO information systems as required.
  • Perform requested uploads/downloads, virus scanning, and software updates for applicable information systems and local and wide area networks (LAN/WANs), perform Automated Out-processing & Relocation System (AORS) reviews, Public Key Infrastructure (PKI) vetting, Portable Electronic Device (PED) registrations, and conduct NRO Management Information System (NMIS)/Secret Collateral Management Information System (SCMIS)/Unclassified Management Information System (UMIS) user briefings.
  • Support comprehensive investigations into all NRO related data spills and IT incidents at both government and contractor sites.
  • The contractor shall support information protection needs, system security requirements, system security architecture, and verify information protection effectiveness as related to NRO mission requirements.
  • Provide guidance on system security, assessment and authorization issues, and INFOSEC policy and security vulnerabilities.
  • Provide advice and guidance to NRO program personnel and Program Security Officers on all Information System (IS) security issues across all NRO activities.
  • The contractor shall support the Government POC in managing the acquisition, operation, storage, inventory, and disposition of all Communications Security (COMSEC) related material and equipment as required.
  • The contractor shall work security issues involving multiple Intelligence Community SCI Control Systems, DoD SAP/SAR activities, and SCI Special Handling programs.
  • The contractor shall provide appropriate security awareness and training to NRO information system users.
  • The contractor shall coordinate activities with official designated representatives, chief information officers, senior agency information system security officers, information system and common control providers, and information system security officers.
  • The contractor shall maintain effective communications with the Information System Owner, AO or DAO, ISSE, SCA, ISSM, and PSO.
  • The contractor shall attend program technical exchange meetings, staff meetings, and program review milestone meetings, as directed.
  • The contractor shall monitor and track status of applicable patches including IA vulnerability alerts (IAVA), IA vulnerability bulletins (IAVB), and technical advisories (TA) for the networks and operating system(s) under their purview.
  • Review applicable audit logs for actions to include but not limited to security relevant events/activities, suspicious activity, baseline changes and notify the ISSM of any discrepancies.
  • Write, review, and/or assess security documentation and plans focusing on safety and security of personnel, assets, resources, and mission.
  • Expertise with configuration management; system maintenance; and integration testing.
  • Ability to troubleshoot technical configurations and make recommendations on the protection of classified and sensitive data.
  • Expert in the use of tools used to prevent and or negate malicious code.
  • Expert in detecting and preventing computer security compromises in a networked environment.
  • Expertise in forensics chain of custody and evidentiary preservation.
  • Demonstrated proficiency in successfully guiding complex information systems through assessment and authorization control gates.
  • Analytical abilities to decipher complex technical configuration management documents.
  • Proficient in maintaining databases.


Position Requirements
  • Familiarity with conducting research and analysis.
  • Familiarity with network and information system security principles and best practices.
  • Familiarity with controlling, labeling, virus scanning, and appropriately transferring data (uploading/downloading) between information systems at varying classification levels.
  • Ability to engender rapport with the military, civilians, and other contractors at all levels.
  • Ability to prioritize tasks.
  • Familiarity with applicable NRO, IC, DoD policies, procedures and operating instructions related to Information Technology, Information Assurance, Information Management (IT/IA/IM).
  • Thorough understanding and application of network security principles, practices, and implementations.
  • Working knowledge of cross-functional integration of information systems into a physical security environment.
  • Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
  • Understanding of system methodologies including but not limited to client server, web hosting, web content servers, policy servers, directory servers, firewalls, WAN, LAN, switches, and routers.
  • Familiarity with detecting and preventing computer security compromises in a networked environment.
  • Working knowledge of configuration management; system maintenance; and integration testing.
  • Proficient in the use of tools used to prevent and/or negate malicious code.
  • Understanding of COTS tools that scan at the physical layer of all removable and fixed media types including but not limited to: (CDs, hard drives, thumb drives, Zip/Jazz, etc.).
  • Ability to decipher and explain in clear language Intelligence Community Directive (ICD) 503.
  • Ability to support forensics and evidentiary preservation.
  • Ability to troubleshoot technical configurations and make recommendations on the protection of classified and sensitive data.
  • Demonstrated ability to translate technical information and information technology jargon into plain English.
  • Ability to apply a risk management philosophy when faced with security challenges and the ability to articulate the pro's and con's in a clear concise manner.
  • Demonstrated proficiency with the following computer operating systems (e.g. Microsoft Windows, , UNIX, Mac OS, etc.)
  • Analytical ability to decipher complex technical configuration management documents.
  • Demonstrated proficiency with database maintenance.
  • Strong ability to elicit, articulate, and document information in a well-organized manner.
  • Demonstrated ability to work independent of close supervision.
  • Demonstrated experience with Microsoft Office Suite.
  • Working knowledge of all applicable NRO, IC, DoD policies, procedures and operating instructions related to Information Technology, Information Assurance, Information Management (IT/IA/IM).
  • Excellent communication, interpersonal, and team-building skills to engender rapport with the military personnel, civilians, and other contractors at all levels.
  • An ability to prioritize work to meet deadlines, and to manage the workflow of the ISSO team.
  • Demonstrated ability to correlate audit results between various systems and/or users and notify the ISSM of any discrepancies.

Certifications
  • IAM or IAT Level III

Required Clearance
  • TS/SCI w/CI Poly

Travel
  • Must be willing to travel short term (less than (90 days)

Additional Information
  • This job description is not designed to cover or contain all job duties required of the employee. There may be additional activities, duties and/or responsibilities that are required for this position that are not listed in this job description.
  • In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
  • System High is a Military friendly employer. Our extensive work on behalf of the U.S. government offers those who have served in uniform an opportunity to continue to serve their country in a new and exciting way while enjoying a successful civilian career.
  • System High Corporation is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state or local law. EEO is the Law


Additional Information

About the Organization From our start in 2005, System High has been recognized as the provider of choice for innovative security engineering. Delivering high-end information protection services, over 50% of our security professionals are US Military veterans. Patriotism, commitment to excellence, and successful mission accomplishment permeate our corporate culture. Whether designing or constructing secure facilities (SCIFs), performing IT systems certification and accreditation, establishing regulatory compliant corporate security programs, or producing life-cycle protection planning for complex systems acquisitions, System High has the expertise and tools to facilitate mission success.
System High is a Military friendly employer. Our extensive work on behalf of the U.S. government offers those who have served in uniform an opportunity to continue to serve their country in a new and exciting way while enjoying a successful civilian career.

EOE Statement We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.

This position is currently accepting applications.


Meet Some of System High's Employees

Nakishna

International Security Specialist

Nakishna works hand-in-hand with System High clients and partner nations to provide innovative international security guidance and compliance measures.

Wayne

International Security Specialist

Wayne works hand-in-hand with System High clients and partner nations to provide innovative international security guidance and compliance measures.


Back to top