Information Systems Security Officer (ISSO) Level 2

***You MUST already have a TS/SCI Clearance with a Polygraph to qualify***

Information Systems Security Officer Level 2

Provide support for a program, organization, system, or enclave’s information assurance program. Provide support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies. Maintain operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed. Assist with the management of security aspects of the information system and perform day-to-day security operations of the system. Evaluate security solutions to ensure they meet security requirements for processing classified information. Perform vulnerability/risk assessment analysis to support security authorization. Provide configuration management (CM) for information systems security software, hardware, and firmware. Manage changes to system and assess the security impact of those changes. Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs). Support security authorization activities in compliance with National Institute of Standards and Technology Risk Management Framework (NIST RMF).

The Level 2 Information Systems Security Officer shall possess the following capabilities:

• Provide support to senior ISSOs for implementing, and enforcing information systems security policies, standards, and methodologies.
• Assist with preparation and maintenance of documentation.
• Assist in the evaluation of security solutions to ensure they meet security requirements for processing classified information.
• Assist with Configuration Management (CM) for information system security software, hardware, and firmware.
• Maintain records on workstations, servers, routers, firewalls, intelligent hubs, network switches, etc. to include system upgrades.
• Propose, coordinate, and implement information systems security policies, standards, and methodologies.
• Develop and maintain documentation for Security Authorization in accordance with ODNI and DoD policies.
• Provide CM for security-relevant information system software, hardware, and firmware.
• Ensure compliance with system security policy.
• Evaluate security solutions to ensure they meet security requirements for processing classified information.
• Maintain operational security posture for an information system or program.
• Provide support to the Information System Security Manager (ISSM) for maintaining the appropriate operational Cybersecurity posture for a system, program, or enclave.
• Develop and update the system security plan and other Cybersecurity documentation.
• Assist with the management of security aspects of the information system and perform day-today security operations of the system.
• Track and ensure appropriate user identification and authentication mechanism of the Information System (IS)
• Obtain system authorization for ISs under their purview.
• Provide support for a program, organization, system, or enclave’s information assurance program.
• Plan and coordinate implementation of IT security programs and policies
• Manage and control changes to the system assessing the security impact of those changes.
• Provide daily oversight and direction to contractor ISSOs.
• Interact with customers, IT staff, and high-level corporate officers to define and achieve required Cybersecurity objectives.

Qualifications:

• Eight (8) years of combined work-related experience in the fields of IT, cybersecurity or security authorization is required.
• Experience in at least two of the following areas is required: knowledge of current security tools, hardware/software security implementation; communication protocols; or encryption tools and techniques.
• Familiarity with commercial security products, security authorization techniques, security incident management, and PKI and authorization services.
• Bachelor's degree in Computer Science, Cyber Security or IT Engineering is required.
• In lieu of a Bachelor’s degree, four (4) additional years of work-related experience may be substituted.
• Compliance with DoD 8570.01-M with a minimum certification of IAM Level I is required.