ISSO - Information Systems Security Officer

Information Systems Security Officer (ISSO)

Location: Dayton, OH

Eligibility: US Citizen

Clearance: Successful Background Check Required. Ability to obtain Secret Clearance.

Position: Security Engineer-II

Description:

The ideal Information Systems Security Officer (ISSO) candidate is a dynamic, highly motivated and well-organized Senior Security Engineer with experience administering security policies and procedures on secure information systems.

Responsibilities:

The ISSO requires flexibility, independent judgment and discretion in order to handle the identification, analysis and resolution of security-related matters. Candidate will perform system or network designs that encompass multiple enclaves, to include those with differing data protection/classification requirements. The candidate should understand distributed architectures and cloud-based systems and their cybersecurity implications. Candidate will use vulnerability management systems, automated security scanning tools, and system accreditation record systems.

Candidate must be able to grasp new concepts, facilitate information exchanges for data gathering, and collaborate with diverse audiences. Must follow established processes where applicable and establish and execute defensible processes where none are prescribed.

Candidate will provide security planning, assessment, risk analysis, and risk management support. Will also recommend system-level solutions to resolve security requirements and guide the development team in meeting the security posture requirements. Will also support the Government client in the enforcement of the design and implementation of trusted relationships among external systems and architectures. Must apply existing knowledge of IA policy, procedures, and workforce structure to design, develop, and implement secure networking, computing, and enclave environments.

Functional Responsibilities Include:

• Assist with the overall implementation of the Enterprise Security Program.
• Assist with technical security activities relative to the development, acquisition, and sustainment of aeronautical weapon systems, subsystems, and associated support systems such as software code reviews, vulnerability assessments, Program Protection Plans, CDRL development, and threat scenarios.
• Assist with implementation of Information, Personnel, Physical, Industrial, and Communications Security.
• Assist with program protection, technology control, protection of FOUO information, and other information requiring protection ensuring compliance with related DoD and AF instructions.
• Support development and implementation of common cybersecurity classification guidance.
• Manage and maintain secure servers and workstations.
• Operation and configuration of security controls on Windows/Linux operating systems/servers.
• Identify, recommend and implement updates and improvements to information systems.
• Perform information systems self-inspections.
• Prepare for and support inspections by customer base.
• Maintain, update and administer Information System Training.
• Developing and managing of STIGs, CONOPS, POA&Ms to maintain approved information systems.
• Update and maintain Plan of Action & Milestones (POA&Ms) as needed.
• Continuous monitoring, testing and validation of system controls.
• Identify information system vulnerabilities and implement corrective actions.
• Install and maintain operating system and software packages as well as required updates and patch management.
• Install and maintain system hardware.
• Administer backups, audits, virus scanning to information systems.
• Maintain accountability of media and control logs.
• Manage weekly audits and maintenance.
• Generate and update information systems authorization packages as required.
• Log reports of media, changes to system, or other required logs.
• Implement and update security settings per STIG requirements.
• Validate security configurations with SCC and STIG Viewer.
• Creates and maintains RMF documentation.
• Provide COMSEC support.
• Research, document, and make recommendations to update and streamline security policies, processes, procedures and inspections.
• Assist Facility Security Officer as needed.
• Assist with preparing for and participating in DCSA and other customer security reviews.
• Provide insight to support Cybersecurity Maturity Model Certification (CMMC).
• Perform other related duties as assigned.

Requirements:

• Security Clearance: A current Secret level government clearance is required, and therefore all candidates must be a U.S. citizen. A recently inactive clearance is acceptable, such that it can be reactivated.
• All candidates must be U.S. Citizens.
• All candidates must pass a background check.
• All candidates must validate education and certification requirements.
• All candidates must be able to maintain (at minimum) a Secret level DOD clearance throughout employment.

Required Skills:

• Bachelor's Degree in a technical discipline (i.e. Computer Science, Information Systems, Computer Engineering, etc.) or needs a total of 7 years of experience in lieu of degree.
• 5+ years of experience as an ISSE with large multi-tiered security programs.
• Minimum 2-year ISSO experience is required.
• DoD 8570 compliance with IAT Level II (e.g. SSCP, Security+, CCNA-Security, or GSEC certification).
• Experience implementing DoD system accreditation processes (e.g. NIST-RMF, FedRAMP).
• Working knowledge of NIST/CMMC policies is required.
• Experience with DISA STIGs and SRGs, vulnerability management systems, mitigation and compliance processes, and reviewing results from automated security scanning tools.
• Experience with NISPOM requirements.
• A working knowledge of TCP/IP suite of protocols and services, computer architectures, and network topologies, distributed architectures and cloud-based systems for big data applications is required.
• Must have the ability to create, review and edit authorization documentation for completeness and accuracy in accordance with federal and DoD policy.
• Experience assessing use case and operational risk of integrated open source, and GOTS/COTS software components.
• The ability to work independently and as part of a team is needed. Must be able to interact well with others to complete work.
• Certification required as outlined in DoD Directive 8570.01-M for Information Assurance Technician Certifications (minimum of IAT-II).
• Experience with Enterprise Mission Assurance Support Service (eMASS) Workflows.
• Proactive personality with strong oral and written communication skills is required.
• Strong attention to detail is required.
• Strong organizational and administrative skills is required.
• Ability to multitask, managing multiple areas of responsibility/simultaneous projects running in parallel is required.
• Ability to work both independently and in a team environment is required.

Minimum Education:

Bachelor's Degree in a technical discipline (i.e. Computer Science, Information Systems, Computer Engineering, etc.) or needs a total of 10 years of experience in lieu of degree.

Desired Skills:

• DoD 8570 compliance with IASAE Level II (e.g. CSSLP, CISSP, or CASP certification).
• CISSP concentration in Engineering or Architecture is highly desired.
• Experience with maintaining appropriate facility security databases including, but not limited to, NISS, DISS, eMASS, e-QIP, SWFT.
• Completion of formal, Center for Development of Security Excellence (DCSA CDSE) is preferred.
• Knowledge of COMSEC operations and accountability.
• Knowledge of flight test authorization and flight safety.
• Familiar with Aircraft cybersecurity testing and Airworthiness safety programs.
• Experience with Azure, AWS, and/or Google cloud platforms is highly desired.

Our Company:

TECHFORGE Solutions (TFS) is an Aerospace and Defense company located in Dayton, Ohio. Our amazing team is consistently delivering solutions to our customers' most challenging problems in core business areas including aerospace systems, autonomy, business intelligence, cloud technologies, cybersecurity, data science, and enterprise risk governance. TECHFORGE is a leader in innovation and technology commercialization. At TECHFORGE Solutions we are committed to providing a work environment that is exciting, challenging, and deeply rewarding. We value our employees and provide industry leading benefits, rewards, and a healthy workplace to support them.

Due to the nature of our work, U.S. citizenship is required for employment, and employees may be required to obtain and maintain a security clearance.

To learn more about us, please visit:

Equal Opportunity Employer:

TECHFORGE is committed to providing equal opportunity to applicants and employees without regard to race, religion, color, national origin, sex, age, disability, pregnancy, genetic information, marital status, veteran status, sexual orientation, or any other characteristic protected by law. This policy applies to all areas of employment including recruitment, placement, training, transfer, promotion, lay off, termination, pay, and other forms of compensation and benefits. The Company will comply with its legal obligation to provide reasonable accommodation to qualified individuals with disabilities.

We are committed to providing accessibility to employment opportunities for person with disabilities.

About TECHFORGE Solutions:

Enterprise Governance, Risk & Compliance (GRC). We help companies safeguard their Intellectual Property (IP) with lifecycle focused program protection, IP security, and Anti-Tamper engineering to secure their most valuable technologies from theft, tampering, reverse engineering, and exploitation. Our experts deliver end-to-end protection across hardware, software, and integrated systems. Core Capabilities: - Program Protection Engineering - Intellectual Property (IP) Protection - Anti-Tamper Engineering - Compliance & Regulatory Support - Lifecycle Security Support