POSITION: Information System Security Officer (ISSO) - Full Scope Poly Required
LOCATION: Annapolis Junction/Ft. Meade, MD 20701
REQUIRED CLEARANCE: TS/SCI with FULL SCOPE POLYGRAPH (must have prior to applying)
An SME-Level Information System Security Officer (ISSO) is needed to support an existing project in the Annapolis Junction/Ft. Meade, MD area.
- Ensure that the IS (Information System) is operated, used, maintained, and disposed of in accordance with security policies and practices.
- Enforce security policies and safeguards on all personnel having access to the IS (Information System).
- Report the security status of the IS to the Information System Security Manager (ISSM), as required.
- Assist with the creation of and maintenance of SSP's and supporting documentation in accordance with Agency guidelines.
- Ensure that users and system support personnel have the required security clearances and need-to-know to utilize the system (i.e., PRIVAC, etc.)
- Conduct user training and awareness activities under the direction of the ISSM.
- Work with physical security personnel to ensure the physical protection of IS assets.
- Perform continuous monitoring of systems (using software tools such as Gold Disk, eEye Retina, Tripwire, WASSP, SECSCN, NESSUS, SEAR and Splunk, ensuring that the system stays in an accredited state through auditing, configuration management, patch management, physical and personnel security management, user and privileged user account management, incident reporting and mitigation, and documenting all relevant security changes.
- Conduct security audits of systems using Splunk and, if applicable, SEAR, ensuring that audit trails are reviewed periodically and that audit records are archived for future reference.
- Utilize the Agency security incident reporting mechanism to report incidents to the ISSM when the Information System is compromised.
- Initiate appropriate protective or corrective measures if a security problem is discovered.
- Conduct Risk Assessment of the IS using the methodology determined by the ISSM and approved by the DAO.
- Ensure that the Information System is accredited and maintains its authorization through continuous monitoring.
- Assist the ISSM in IS configuration management activities to ensure that implemented changes do not compromise the security of the system.
- Document applicable Foreign Ownership Control/Influence (FOCI) concerns and off-line Commercial Off the Shelf (COTS) testing plans.
- Maintain documentation of the status of systems administrator and other privileged user accesses and ensure proper training and clearances are obtained.
- Ensure the IS remains in compliance with Fragmentary Orders (FRAGO), Information Assurance Vulnerabilities, including bulletins, technical advisories, and alerts, and any other OISS security related notice, as well as, conducting the proper updates and following the proper reporting policies.
- Perform weekly reviews and updates of the System Security Plan.
- Maintain constant communication with the customer whether in person, email, and/or phone.
- Familiarity with the use of the Vulnerability Management System (VMS).
- Verify IAVA's and all required patching are recorded and completed.
- Bachelor's degree in Computer Science, Information Assurance, Information Security System Engineering, or a related discipline.
MINIMUM REQUIRED EXPERIENCE:
- The Level 4 ISSO shall have and maintain a relevant certification to support DoD 8570 compliance. At least one of the following certifications is required: GSEC, Security+ CE, SSCP, or CCNA-Security
- The ISSO-4 shall have a minimum of five (5) years of experience leading system security teams.
- Fifteen (15) years of experience in one or more of the following:
- Providing support to senior ISSO's for implementing, and enforcing information systems security policies, standards, and methodologies.
- Assisting in the evaluation of security solutions to ensure they meet security requirements for processing classified information.
- Assisting with the CM for information system security software, hardware, and firmware to include maintaining records on workstations, servers, routers, firewalls, intelligent hubs, network switches, etc. to include system upgrades to support managing and controlling changes to the system and assessing the security impact of those changes.
- Proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.
- Maintaining operational security posture for an information system or program.
- Providing support to the Information System Security Manager (ISSM) for maintaining the appropriate operational IA posture for a system, program, or enclave.
- Developing and maintaining documentation for C&A in accordance with ODNI and DoD policies, including system security plans and other IA documentation.
- Assisting with the management of security aspects of the information system and perform day-to-day security operations of the system.
- Administering the user identification and authentication mechanisms of the Information System (IS) Plan and coordinate the IT security programs and policies.
- Providing support for a program, organization, system, or enclave's information assurance program.
THE KENJYA-TRUSANT GROUP, LLC is a Service-Disabled Veteran-Owned Small Business that was established in 2015 as a merger between The Kenjya Group, Inc. and Trusant Technologies, LLC. Our mission is to implement, support and protect the nation’s advanced technology systems, business processes and high-technology facilities. Working with the Department of Defense, Department of Homeland Security, the Intelligence Community, state and local governments, and commercial clients, Kenjya-Trusant provides cyber protection, information technology, engineering, construction management and acquisition support services. We are a small company with big company benefits, including Health, Dental, Vision, 401K, Bonus Potential, Flexible Spending Account, Life Insurance, Short- and Long-Term Disability, Paid Time Off, and a culture of teamwork and continuous learning. Come grow with us!
EOE – Equal Opportunity Employer. People of color, women, veterans and individuals with disabilities are encouraged to apply. (Compliant with the new VEVRAA and Section 503 rules). The Americans with Disabilities Act of 1990 (ADA) makes it unlawful for employers to discriminate in employment against a qualified individual with a disability. The ADA also outlaws discrimination against individuals with disabilities in State and local government services, public accommodations, transportation and telecommunications. If you require accommodations, please contact our Human Resources Department at (410) 740-4045.