Information System Security Officer (ISSO)

Job Title: I nformation System Security Officer (ISSO)
Work Location: Hill AFB, UT
Duration: 6 month contract
Education/Experience Required: Active Security Clearance

Job Description & Responsibilities :
Support HILL COMPONENT ENTERPRISE DATA CENTER (CEDC) IT OPERATIONS AND MAINTENANCE SERVICES located at Hill Air Force Base, Utah (HAFB). This program aims to modernize legacy USAF network infrastructure and migrate services into Cloud Environments. The Information Systems Security Officer (ISSO) is responsible for ensuring the confidentiality, integrity, and availability of assigned information systems in accordance with Department of Defense (DoD) and Department of the Air Force policies and procedures. The ISSO will play a crucial role in implementing and maintaining a robust cybersecurity posture, conducting security assessments, managing risks, and ensuring compliance with applicable regulations and standards. This position requires a strong understanding of information security principles, DoD security requirements, and excellent communication and problem-solving skills.

Essential Duties & Responsibilities:

• Security Planning and Implementation:
  • Assist in developing, implementing, and maintaining security plans, policies, and procedures for assigned information systems in accordance with DoD Instruction 8510.01 (Risk Management Framework for DoD Information Technology) and other applicable guidance.
  • Assist in the selection and implementation of security controls to protect information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
  • Assist risk assessments and vulnerability assessments to identify security weaknesses and recommend mitigation strategies.
  • Work with system administrators and other IT personnel to ensure security controls are properly implemented and maintained.
• Security Monitoring and Incident Response:
  • Monitor information systems for security incidents and anomalies, and investigate and respond to security incidents in accordance with established procedures.
  • Analyze security logs and other data sources to identify potential security threats and vulnerabilities.
  • Report security incidents to the appropriate authorities, including the [Insert Organization's Incident Response Team].
  • Participate in incident response exercises and drills.

• Compliance and Audit:
  • Ensure that assigned information systems comply with all applicable DoD security policies, regulations, and standards, including but not limited to:
    • DoD Instruction 8510.01 (Risk Management Framework for DoD Information Technology)
    • NIST Special Publications (e.g., SP 800-53, SP 800-37)
    • Security Technical Implementation Guides (STIGs)
    • Information Assurance Vulnerability Alerts (IAVAs)
  • Conduct regular security reviews and audits to verify compliance with security requirements.
  • Prepare and maintain documentation to support security audits and assessments.
  • Assist with the development and implementation of corrective action plans to address security deficiencies.
• System Authorization and Accreditation (A&A)
  • Manage the A&A/A&A process for assigned information systems, including the preparation of security documentation (e.g., System Security Plan, Security Assessment Report, Plan of Action and Milestones (POA&M)).
  • Coordinate with authorizing officials and other stakeholders to obtain and maintain system authorizations.
  • Ensure that systems are operated in accordance with their authorization.

Skills & Qualifications :
Education, Certification & Experience Requirements
Education Required:

• Bachelor's Degree in Business or IT related field with three (3) or more years of experience in Information Security, Vulnerability Management or related field. Master's Degree and 2+ years of experience can be substituted.

Certification Required:

• Security+ CE

• Active Secret Clearance required

Experience Required:

• Must have relevant Air Force Risk Management Framework (RMF) experience
• Must have experience with one or more of the following:
  • Experience successfully getting systems through the complete ATO process
  • Vulnerability management, including running scans as well as evaluating and prioritizing the outputs
  • Experience evaluating STIGs and completing STIG checklists
  • Patching
• Experience using eMASS or other related tools

Knowledge, Skills & Abilities:
Knowledge:

• Thorough Knowledge of security control selection and tailoring.
• Basic knowledge of common security controls and their purpose (e.g., access control, audit and accountability, identification and authentication).
• Familiarity with NIST SP 800-53 security controls and the various security documents that make up an ATO package (e.g., System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M)).
• Understanding of how security controls are implemented and assessed.
• Understanding of Cloud Migration strategies and security requirements

Skills:

• Strong organizational and problem-solving skills.
• Excellent communication and interpersonal skills.
• Data Center Security
• Basic Risk Management
• Compliance Auditing
• Cybersecurity Training and Awareness

Abilities:

• Ability to clearly and concisely document system security information.
• Ability to manage security-related tasks, updates, and deadlines, measurable by timely and complete execution of assigned activities.

For more information or to view other opportunities, visit us at www.paladininc.com.

Paladin Consulting is an EEOC employer.