Posted today
Top Secret/SCI
Unspecified
Full Scope Polygraph
IT - Security
Fort Meade, MD (On-Site/Office)
Day to Day Responsibilities:
The ISSO will be work with a team to maintain the appropriate operational security posture for assigned systems, programs, and/or enclaves. They will provide guidance and technical expertise on all matters that impact or effect the security of the information system. The ISSO will also assist in the development and execution of an enterprise level continuous monitoring program to minimize security risks and ensure compliance with that program on a routine basis.
The ideal candidate will have experience with RMF in NIST SP800-37. They should also have experience with commercial security tools.
Other responsibilities include:
• Developing, updating, and submitting the System Security Plan and other required documentation that make up the Security Authorization Package.
• Conduct configuration management for security-relevant changes to software, hardware, and firmware.
• Perform and deliver security impact analyses of changes to the system or its environment of operation.
• Assess the effectiveness of system security controls on an ongoing basis to determine system security status.
• Maintain and enforce IT security policies and implementation guidelines for customer systems in diverse operational environments.
• Provides configuration management for security-relevant information system software, hardware, and firmware.
Required Skills:
A working knowledge of the security authorization processes and procedures as defined in the RMF in NIST SP800-37 and familiarity with the ICD503, CNSSI1253, SP800-53, etc.
Knowledge of commercial security tools and their uses. Experience with hardware/software security implementations.
Knowledge of different communication protocols, encryption techniques/tools, and PKI and authorization services.
Familiarity with security incident management, experience collaborating with Incident Response Teams, and able to provide viable recommendations for the resolution or computer security incidents and vulnerability compliance.
Experience creating and presenting documentation and management reports.
The ISSO will be work with a team to maintain the appropriate operational security posture for assigned systems, programs, and/or enclaves. They will provide guidance and technical expertise on all matters that impact or effect the security of the information system. The ISSO will also assist in the development and execution of an enterprise level continuous monitoring program to minimize security risks and ensure compliance with that program on a routine basis.
The ideal candidate will have experience with RMF in NIST SP800-37. They should also have experience with commercial security tools.
Other responsibilities include:
• Developing, updating, and submitting the System Security Plan and other required documentation that make up the Security Authorization Package.
• Conduct configuration management for security-relevant changes to software, hardware, and firmware.
• Perform and deliver security impact analyses of changes to the system or its environment of operation.
• Assess the effectiveness of system security controls on an ongoing basis to determine system security status.
• Maintain and enforce IT security policies and implementation guidelines for customer systems in diverse operational environments.
• Provides configuration management for security-relevant information system software, hardware, and firmware.
Required Skills:
A working knowledge of the security authorization processes and procedures as defined in the RMF in NIST SP800-37 and familiarity with the ICD503, CNSSI1253, SP800-53, etc.
Knowledge of commercial security tools and their uses. Experience with hardware/software security implementations.
Knowledge of different communication protocols, encryption techniques/tools, and PKI and authorization services.
Familiarity with security incident management, experience collaborating with Incident Response Teams, and able to provide viable recommendations for the resolution or computer security incidents and vulnerability compliance.
Experience creating and presenting documentation and management reports.
group id: 10313966
