Information Systems Security Officer |ISSO|

Job highlights
Identified by Google from the original job post
Qualifications
This position requires U.S. citizenship and an active Top-Secret clearance with SCI Eligibility
This position requires a BS in Information Systems, or related Cyber field as required
Specific experience, education and training may be considered in lieu of degree
Experience with eM
ASS
CISSP or CASP certification required
DoD 8140 Compliant, IAT Level II or higher required at start
Knowledge of NIST SP 800-37, CNSSI 1253, FIPS 1++ and NIST SP 800-53
Knowledgeable in RMF accreditation processes
Experience in auditing security controls
Knowledge of Continuous Monitoring
Experience in scanning and interpreting scan results
Knowledgeable in STIGs and SRGs
Knowledge of Common Control Processes
Should have hands on experience implementing security and/or network components, i.e. routers, firewalls, IPS, IDS, etc
Customer service skills both verbally and written
Confidence and ability to present briefing to senior level DoD officials in both prepared briefings and/or in ad hoc discussions
US Citizenship with an Active DoD clearance at the Top-Secret level with SCI eligibility
Benefits
Pay Range $101,400.00 - $183,300.00
The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary
Responsibilities
The Information Systems Security Officer (ISSO) will provide Information Assurance support for a mission critical IP Messaging and Communications Transport Network, including discovery, SSP preparation, C&A, security sustainment, and system decommissioning
As assigned, incumbent is responsible for assisting to develop policies and procedures to ensure information systems reliability and accessibility, and to prevent and defend against unauthorized access to systems, networks, and data
Conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs
Promotes awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals
Conduct systems security audits and reviews
Assist the ISSM in developing systems security contingency plans and disaster recovery procedures
Develop and implement programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures
Participate in network and systems design to ensure implementation of appropriate systems security policies
Facilitate the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes; assessing security events to determine impact and implementing corrective actions; and/or ensuring the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services
Perform Security Technical Implementation Guide (STIG) reviews, self-assessments, and participate in Assessment & Authorization (A&A) testing to ensure our systems stay secure and compliant
Analyze system IAVM logs and conduct vulnerability assessments and implement mitigation strategies to protect against potential risks
Use expertise to apply a comprehensive range of cybersecurity policies, principles, and techniques to maintain the integrity of systems processing classified information
Perform risk analysis for system changes, contribute to the Risk Management Framework process, and recommend security solutions to address any identified gaps
Partner with government customers to support Continuous Monitoring activities, manage security incidents, and ensure timely vulnerability remediation
Ensure all system documentation is up to date in government record-keeping systems
Assist in managing changes to security-relevant software, hardware, and firmware to maintain system security
Validate security policies and procedures outlined in the System Security Plan (SSP), customer policies & regulations, and ensure local policies are followed
Initiate the authorization or re-authorization efforts and process for new or expiring systems and assist lead in required meetings
Perform security audits IAW established procedures
Author and review IS security-related documentation and submit to Enterprise Mission Assurance Support Service (eM
ASS)
Help ensure system security requirements are addressed during all phases of the System Development Life Cycle (SDLC)
Take corrective action to resolve identified vulnerabilities
Knowledgeable on ATO requirements and processes
Ability to facilitate Cyber Assessments at different sites as required
Provide security engineering review of proposed changes or additions to the IS (including hardware, software, or connectivity), and advise the Information System Security Manager (ISSM) of the security relevance
Assists in the design, development, implementation and/or integration of IA and security systems and system components including those for networking, computing and enclave environment to include those with multiple enclaves and with differing data protection/classification requirements
Work closely with the Information Systems Security Manager (ISSM) to drive information assurance initiatives, including security authorization activities, compliance with Risk Management Framework (RMF) policies, and the development of System Security Documents and Plans
Ability to create metrics, documentation, presentations, and procedures and communicate results effectively
Project Management and Technical Writing Skills
Job description
Description

Leidos is seeking an experienced Information System Security Officer to provide ISSM support for a vigorous Transport Network program with Defense Information Security Agency (DISA) in Fort Meade, MD.

This is an onsite position, telework allowed as mission dictates.

The Information Systems Security Officer (ISSO) will provide Information Assurance support for a mission critical IP Messaging and Communications Transport Network, including discovery, SSP preparation, C&A, security sustainment, and system decommissioning. This position requires U.S. citizenship and an active Top-Secret clearance with SCI Eligibility.

Primary Responsibilities
• As assigned, incumbent is responsible for assisting to develop policies and procedures to ensure information systems reliability and accessibility, and to prevent and defend against unauthorized access to systems, networks, and data.
• Conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
• Promotes awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals.
• Conduct systems security audits and reviews.
• Assist the ISSM in developing systems security contingency plans and disaster recovery procedures.
• Develop and implement programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures.
• Participate in network and systems design to ensure implementation of appropriate systems security policies.
• Facilitate the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes; assessing security events to determine impact and implementing corrective actions; and/or ensuring the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services.
• Perform Security Technical Implementation Guide (STIG) reviews, self-assessments, and participate in Assessment & Authorization (A&A) testing to ensure our systems stay secure and compliant.
• Analyze system IAVM logs and conduct vulnerability assessments and implement mitigation strategies to protect against potential risks.
• Use expertise to apply a comprehensive range of cybersecurity policies, principles, and techniques to maintain the integrity of systems processing classified information.
• Perform risk analysis for system changes, contribute to the Risk Management Framework process, and recommend security solutions to address any identified gaps.
• Partner with government customers to support Continuous Monitoring activities, manage security incidents, and ensure timely vulnerability remediation.
• Ensure all system documentation is up to date in government record-keeping systems.
• Assist in managing changes to security-relevant software, hardware, and firmware to maintain system security.
• Validate security policies and procedures outlined in the System Security Plan (SSP), customer policies & regulations, and ensure local policies are followed.
• Initiate the authorization or re-authorization efforts and process for new or expiring systems and assist lead in required meetings.
• Perform security audits IAW established procedures.
• Author and review IS security-related documentation and submit to Enterprise Mission Assurance Support Service (eMASS).
• Help ensure system security requirements are addressed during all phases of the System Development Life Cycle (SDLC).
• Take corrective action to resolve identified vulnerabilities.
• Knowledgeable on ATO requirements and processes.
• Ability to facilitate Cyber Assessments at different sites as required.
• Provide security engineering review of proposed changes or additions to the IS (including hardware, software, or connectivity), and advise the Information System Security Manager (ISSM) of the security relevance.
• Assists in the design, development, implementation and/or integration of IA and security systems and system components including those for networking, computing and enclave environment to include those with multiple enclaves and with differing data protection/classification requirements.
• Work closely with the Information Systems Security Manager (ISSM) to drive information assurance initiatives, including security authorization activities, compliance with Risk Management Framework (RMF) policies, and the development of System Security Documents and Plans.

Basic Qualifications
• This position requires a BS in Information Systems, or related Cyber field as required. MS preferred and at least 8 years of prior relevant experience. Specific experience, education and training may be considered in lieu of degree.
• Experience with eMASS
• CISSP or CASP certification required.
• DoD 8140 Compliant, IAT Level II or higher required at start.
• Knowledge of NIST SP 800-37, CNSSI 1253, FIPS 1++ and NIST SP 800-53.
• Knowledgeable in RMF accreditation processes.
• Ability to create metrics, documentation, presentations, and procedures and communicate results effectively.
• Experience in auditing security controls
• Knowledge of Continuous Monitoring
• Experience in scanning and interpreting scan results.
• Knowledgeable in STIGs and SRGs
• Knowledge of Common Control Processes
• Project Management and Technical Writing Skills
• Should have hands on experience implementing security and/or network components, i.e. routers, firewalls, IPS, IDS, etc.
• Customer service skills both verbally and written
• Confidence and ability to present briefing to senior level DoD officials in both prepared briefings and/or in ad hoc discussions.
• US Citizenship with an Active DoD clearance at the Top-Secret level with SCI eligibility

GSMO

Original Posting Date

2024-11-14

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range

Pay Range $101,400.00 - $183,300.00

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.