Information Systems Security Officer

Company Description

Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.

Job Description

Overview

SOSi is currently seeking an experienced Information Systems Security Officer for our team in Ramstein AB, Germany. The candidate will be responsible for planning, implementation, and maintenance of security measures to protect information technology networks and systems. Works with customers, partners, stakeholders, and team members to develop and implement DoD security procedures.

Essential Job Duties

• Analyzes and defines security requirements.
• Implement and enforce all AF cyber security policies, procedures, and countermeasures.
• Supports the system assess and authorize (A&A) effort, to include assessing and guiding the quality and completeness of A&A activities, tasks and resulting artifacts mandated by governing DoD and DAF policies.
• Ensure all users have the requisite security clearances and need-to-know, complete annual cyber security training, and are aware of their responsibilities before being granted access to IT according to DAFMAN 17-1304.
• Maintain all authorized user access control documentation IAW the applicable AF Records Information Management System.
• Ensure software, hardware, and firmware comply with appropriate security configuration guidelines (e.g., security technical implementation guides /security requirement guides).
• Ensure proper configuration management procedures are followed prior to implementation and contingent upon necessary approval, and coordinates changes or modifications with the enclave-level ISSM or Security Control Assessor (SCA).
• Initiate protective or corrective measures, in coordination with the ISSM, when a security incident or vulnerability is discovered.
• Recommends policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data.
• Conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
• Promotes awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals.
• Conducts systems security evaluations, audits, and reviews.
• Recommends systems security contingency plans and disaster recovery procedures.
• Recommends and implements programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures.
• Participates in network and systems design to ensure implementation of appropriate systems security policies.
• Facilitates the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes.
• Assesses security events to determine impact and implements corrective actions.
• Ensures the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services.
• Report security incidents or vulnerabilities to the system-level ISSM according to AFI 17-203, Cyber Incident Handling.
• Will execute ISSO duties as outlined in DoDI 8500.01, AFI 17-101, AFI 17-1301, and AF 17-1303 for assigned network enclaves.
• Maintain familiarity with relevant DOD/NIST RMF publications, including NIST 800-53, 800-60, 800-37, DODI 8540.01 CDS Policy, and DOD Directive 5144.02.

Qualifications

• This position requires a minimum of eight years' experience, of which at least six years must be specialized experience in defining computer security requirements for high-level applications, evaluation of approved security product capabilities and resolution of computer security problems.
• Extensive knowledge and proficiency with the Risk Management Framework (RMF) and eMASS or XACTA experience.
• Extensive knowledge and proficiency with the Assured Compliance Assessment Solution (ACAS) Vulnerability Scanner.
• Extensive knowledge and proficiency with the Security Technical Implementation Guide (STIG) implementation and automation tools such as SCAP, STIG Viewer, eMASSter which are often leveraged for automation.
• A strong technical background, ideal candidates must have familiarity in virtualization technologies, basic networking and industry best practices.
• Expert knowledge and proficiency with Cybersecurity best practices.
• Expert knowledge and understanding of Federal and DoD Cybersecurity regulations and policies.

Minimum Education

• In scope DOD Secret clearance is required.
• A Bachelor's Degree and three (3) years of recent specialized experience; or Associates Degree and seven (7) years of recent specialized experience; or No degree and 11 years or recent specialized experience.
• DoDD 8570.01M Information Assurance Technician (IAT) level III baseline certification required.

Preferred Qualifications

• A Bachelor's degree in computer science/systems, information systems/technology, engineering/engineering technology, software engineering/programming, management, natural sciences, social sciences, mathematics or business/finance.
• Education and experience requirements may be substituted with:
• A Master's Degree (in subjects described above) and eight years general experience, of which at least six years must be specialized experience.
• No degree and thirteen years of general experience of which at least eleven years must be specialized experience.
• Recent ISSO or ISSM experience.
• Strong familiarity with Coalition and Multi-National information sharing systems.
• Knowledge of the principles, methods, and techniques used in network security.
• Knowledge of scanning, endpoint security, and firewall technologies.
• Comprehensive knowledge of desktop operating systems and applications.
• Experience implementing and maintaining security controls.
• Understanding of National Institute of Standards and Technology (NIST) 800 53 security controls and control families.
• Technically competent, solid decision making and critical thinking, strong customer focus, self-motivated, desire to learn, effective and professional interpersonal skills, pride in work, strong team player.
• Familiarity (administrative and configuration level experience) with HBSS systems, McAfee ePO, server, ACAS and policy Administrator tasks and skills.
• Configure, conduct, and interpret network vulnerability scans.

Additional Information

Work Environment

• Working conditions are normal for an office environment.
• Fast paced, deadline-oriented environment.
• May require periods of non-traditional working hours including consecutive nights or weekends (if applicable)

Working at SOSi

• All interested individuals will receive consideration and will not be discriminated against for any reason.