Information Systems Security Officer (ISSO)

Position Title:

Information Systems Security Officer (ISSO)

Clearance Requirements:

Active TS/SCI with CI Poly (or TS/SCI with willingness to obtain CI Poly)

Location:

Charleston, South Carolina

Duties and Responsibilities:

• Participate in the implementation of current and future security domains (i.e. DevSecOps, AI, Cloud Computing, etc.)

• Develop, implement, and maintain system documentation for information system authorization, security management, and continuous monitoring (CONMON) of both networked and standalone information systems (i.e., Authorization to Operate (ATO), System Security Plan (SSP), Plans of Actions and Milestones (POAM), etc.)

• Validate that systems are reporting properly to security management systems (e.g., XACTA, eMASS, etc.)

• Validate that monthly security scans performed by systems administrator comply with NSA/CSS Policy Instruction 6-008

• Coordinate with system administrator on submissions of Change Logs and/or Modifications to the baseline in order to maintain accurate baseline Configuration Management (CM)

• Validate Information System Owner (ISO)-submitted annual Inventory

• Review system documentation to include Configuration Guides, Standard Operating Procedures, Training Materials, Install Guides, Troubleshooting Guides, etc.

• Validate maintained inventory of Software products are properly licensed

• Validate that systems are properly registered with NSA DNS by systems administrators

• Coordinate Risk Management Framework (RMF) Control responsibilities and inheritance

• Coordinate with ISO, ISSM, and ISSO personnel to ensure cybersecurity policy and procedure compliance

• Validate appropriate user agreements are executed by systems administrator on behalf of PMO

• Coordinate with PMO to provide updated TEMPEST/SCIF accreditation letters for the SCIFs

Deliverables include:

• Security Assessment Plan

• Security Assessment Report

• Risk Assessment Report

Required Qualifications:

Experience:

• Strong hands-on experience with Tenable.SC

• Creating scans, scan policies, troubleshooting scans, performing audit scans)

• Experience administering and securing multiple types of Operating Systems

• Demonstrated experience securing or administering cloud networks

• Ability to create, interpret, and validate system diagrams and network/data flow architectures

• Prior experience supporting or leading the ATO process as an ISSO or ISSM

• Experience administering or securing Cross Domain Solutions (CDS)

• FEDRAMP system experience

• XACTA and/or eMASS experience

• In-depth experience and understanding of the Risk Management Framework (RMF)

• Strong knowledge of Information Assurance (IA) and Regulatory Compliance

• Knowledge of federal policies, regulations, and standards

Preferred Knowledge Areas:

• CISA Cloud Security Technical Reference Architecture

• CISA Zero Trust Maturity Model

• DoD Zero Trust Reference Architecture

• M-22-09 Federal Zero Trust Strategy

• National Security Systems Zero Trust Reference Architecture

• NIST CSWP Planning for a Zero Trust Architecture - A Starting Guide for Administrators

• NIST SP 800-207 Zero Trust Architecture

Certifications:

• AWS Certified Solutions Architect Associate

• Cloud certifications

• DoD 8140 IAT Level II or Level III certification

Requirements:

• Ability to operate independently with minimal oversight; strong self-initiative and analytical skills

• Strong teamwork orientation and ability to collaborate across diverse technical and security teams and small team settings to solve complex problems

• Comfortable working in a hands-on lab environment with limited telework availability

Other

Echelon Services is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.