Information Systems Security Officer 1

The Information System Security Officer I supports a program, organization, system, or enclave's information assurance program. Provides support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies. Maintains operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed. Assists with the management of security aspects of the information system and performs day-to-day security operations of the system. Evaluate security solutions to ensure they meet security requirements for processing classified information. Performs vulnerability/risk assessment analysis to support certification and accreditation. Provides configuration management (CM) for information system security software, hardware, and firmware. Manages changes to the system and assesses the security impact of those changes. Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Assessment & Authorization (A&A) packages, and System Controls Traceability Matrices (SCTMs). Supports security authorization activities in compliance with the NIST Risk Management Framework (RMF) and any DoD and IC-tailored requirements.

Key tasks include:

• Plan and coordinate the IT security programs and policies
• Manage and control changes to the system and assess the security impact of those changes
• Obtain A&A for ISs under their purview
• Provide support for a program, organization, system, or enclave's IA program
• Serve as the Approval Authority to validate or approve user authorization for accounts associated with systems under their control
• Understand the authorization boundary of systems
• Collaboration with System and Network administrators to understand and document data flow and architecture diagrams
• Knowledge of security controls, the assessment, and applicability to systems
• Maintain operational baseline of systems under their purview
• Provide ongoing Continuous Monitoring to assigned systems
• Provide and validate the operational security posture of systems and ensure they are maintained
• Ability to initiate the reauthorization process of a system that needs reaccreditation
• Ability to decommission a system when it is no longer required
• Manage risks while the assigned system is in operation
• Ability to understand the POA&M process as well as track and close any outstanding liens
• Ability to acknowledge and respond to IAVAs and create liens as necessary
• Perform, coordinate, and document security-relevant changes
• Perform vulnerability assessments to ensure updates and system baseline are enforced
• Recognize a possible security violation and take appropriate action to report the incident
• Manage protective or corrective measures when an IA incident or vulnerability is discovered
• Provide security and awareness oversight and/or training as required
• Review of audit reduction tools to monitor and review systems for compliance with IA policy
• Excellent written and verbal communication skills
• Excellent leadership and teamwork skills
• Results-oriented, high energy, self-motivated
• Candidate may be required to respond to after-hours requests as required in a 24 x 7 environment

Required Skills

• Bachelor's degree in Computer Science or a related discipline from an accredited college or university is required.
• Four (4) years of additional experience as an ISSO may be substituted for a bachelor's degree.
• Five (5) years of experience as an ISSO on programs and contracts of similar scope, type, and complexity is required.
• Experience is to include at least one (1) of the following areas: knowledge of current security tools, hardware/software security implementation; communication protocols; and encryption techniques/tools.
• Compliance with Information Assurance Technician (IAT) Level I or higher is required.
• Any of the following or higher certification; A+ with Continuing Education, Cisco Certified Network Associate-Security (CCNA-Security), Network+ Continuing Education, System Security Certified Practitioner (SSCP).
• Active TS/SCI security clearance with a current polygraph is required

Additional Details

At CyberCore, we believe in taking care of our employees both inside and outside the workplace. Our comprehensive benefits package includes:

• Health Insurance to ensure you and your family stay healthy and well.
• Dental and Vision Insurance for preventive and routine care.
• Basic Life Insurance and Disability Insurance to provide peace of mind for you and your loved ones.
• Paid Holidays and Paid Time Off (PTO) to help you relax, recharge, and enjoy life.
• Paid Parental Leave for new parents to focus on family.
• Tuition Reimbursement to support your professional growth and education.
• A 401(k) plan with a company match to help you plan for your future.

At CyberCore, we are committed to fostering a supportive and enriching environment where you can thrive both personally and professionally.

The salary range for this role is $50,000 - $68,000. This range is a good faith estimate that reflects various experience levels. At CyberCore, we consider multiple factors when determining compensation, including the specific role and its responsibilities, the candidate's professional experience, geographic location, education, and relevant skills. This range is not a guarantee of salary, as final compensation may also be influenced by contractual requirements and other considerations.

Equal Employment and Diversity

CyberCore has, on many occasions, expressed support and commitment to the principles of diversity and equal employment opportunity. It is CyberCore's policy to recruit, hire, train, and promote individuals, as well as administer all personnel actions, without regard to race, color, national or ethnic origin, pregnancy, age, religion, disability status, sex, sexual orientation, gender identity and expression, veteran status, genetic information or any other characteristic protected under applicable federal or state law. CyberCore will not tolerate unlawful discrimination, and any such conduct is prohibited. CyberCore is committed to ensuring that CyberCore's workforce and volunteers reflect America's diverse population. CyberCore knows that such diversity will enrich the company with the talent, energy, perspective, and inspiration we need to achieve our mission.