ISSO (Information System Security Officer), Lead
ISSO (Information System Security Officer), Lead
Company:
ManTech International Corporation
Category:
Skilled Labor - Trades, Professional Services, Information Technology
Degrees Required:
4 Year Degree
Employment Type:
Full-Time
Manages Others:
No
Requirements:
Requires Bachelor's degree or equivalent and two to four of related experience and ability to obtain a security clearanceAdditional QualificationsUS Citizen
TS/SCI with Poly Clearance
Requirements:
Group: MCTS
Clearance Level Needed: TS/SCI
Shift: Day
Skills or experience needed:
10 years required; (Bachelor's in Computer Engineering, Computer Science, or related field = 4) of relevant experience in deploying, configuring, maintaining, and monitoring computer systems and networks, as well as performing software installations and upgrades.
Has provided system administration support of Windows and Unix operating systems and TCP/IP networks, working with token-based Public Key Infrastructure (PKI) and/or CAC smartcards, network and web security, and network communication devices (hub, switches, and routers).
Has expertise in Web Server and Directory Server management.
Has multiple years of experience maintaining network servers, file servers, VPN gateways, and intrusion detection systems.
Is experienced in virtualization technology (e.g., VMware).
Has a thorough understanding of secure systems engineering development, including system security requirements analysis, system security requirements allocation, trade-off analysis, other system security analyses, and secure system definition and specification development.
Has mutliple years of experience working in the IA environment.
Specific SS-2 ISSO job entails, But not limited to:
Ensures that the Information System (IS) is operated, used, maintained, and disposed of in accordance with security policies and practices.
Enforces security policies and safeguards on all personnel having access to the IS.
Reports the security status of the IS to the ISSM as required by the AO.
Assists with the creation of and maintains SSPs and supporting documentation in accordance with Agency guidelines. Give
Ensures that users and system support personnel have the required security clearances and need-to-know to utilize the system (i.e., PRIVAC, etc.).
Conducts user training and awareness activities under the direction of the ISSM.
Works with physical security personnel to ensure the physical protection of IS assets.
Performs continuous monitoring of systems (using software tools such as such as Gold Disk, eEye Retina, Tripwire, WASSP and SECSCN, ensuring that the system stays in an accredited state by auditing, configuration management, patch management, physical and personnel security management, user and privileged user account management, incident reporting and mitigation, and documenting all security relevant changes.
Conducts security audits of systems, ensuring that audit trails are reviewed periodically, and that audit records are archived for future reference.
Utilizes the Agency security incident reporting mechanism to report incidents to the ISSM when the IS is compromised.
Initiates appropriate protective or corrective measures if a security problem is discovered.
Conducts the Risk Assessment of the IS using the methodology determined by the ISSM and approved by the AO.
Ensures that the IS is accredited and maintains its accreditation through continuous monitoring.
Assists the ISSM in IS configuration management activities to ensure that implemented changes do not compromise the security of the system.
Documents applicable Foreign Ownership Control/Influence (FOCI) concerns and off-line COTS testing plans.
Maintains documentation of the system administrator's PKI and PRIVAC status and ensure proper training and clearances are obtained.
Ensures the IS remains in compliance with Fragmentary Orders (FRAGO), Information Assurance Vulnerabilities, including bulletins, technical advisories, and alerts, and any other IOSS security related notice, as well as conducting the proper updates and following the proper reporting policies.
