Job: Information Systems Security Officer

Title Information Systems Security Officer
Location San Antonio, TX
Position Type Full-Time
Job Information

Position Overview:

The Information Systems Security Officer provides SME support to security validation site visits and augments IG for inspection of Agency units and organizations performing SAP missions. Responsibilities include:

  • Guidance for local area networks (LANs), wide-area networks (WANs), virtual networks, stand-alone systems, laptops
  • SAP and SCI system evaluation
  • Certification testing (Beta 1 and Beta 2) and accreditation, and Infrastructure connectivity for systems operating in a multi-level classified environment consisting of SCI and SAP activities

Requirements:

  • Bachelor’s degree in relevant field or equivalent experience (one year experience in relevant field is equivalent to one year towards degree)
  • Active Security+ Certification required
  • 5+ years providing ISSO capabilities to include recent experience within the last 3 years
  • Minimum 5 years’ experience supporting a multi-level classified environment consisting of SCI and SAP activities
  • Thorough understanding of the difference between SCI and SAP, and their associated requirements
  • Demonstrable understanding of DoDDs and DoDMs; ICDs; JSIG and the RMG; JAFAN Manuals; CNSS policies; AF SAPNP; AFIs, AFMAN
  • Active passport

Responsibilities:

  • The contractor shall provide highly qualified personnel to support GPMs, GSSOs, and/or USMs in the day-to-day administration of the information systems security program. The contractor shall provide certified professionals commensurate with their responsibilities and in accordance with DoDD 8570.01 and DoD 8570.01-M to perform ISSM and ISSO duties as delineated in ICD 503, the JSIG and RMF, and JAFAN 6/3. The contractor shall ensure all personnel performing IA support (designated as an ISSM or ISSO) are certified IAW DoDD 8570 requirements (minimum of Security Plus). SCIF/SAPF systems consist primarily of the Non-secure Internet Protocol Network (NIPRNet), Secure Internet Protocol Network (SIPRNet), Joint Worldwide Intelligence Communication System (JWICS), Secure Global Network (SGN), Information Support System (ISS), local area networks (LAN), stand-alone workstations, and mission systems. The ISSO shall provide guidance and assistance across the Agency enterprise for sponsored units involved in SAP activities, as necessary. The contractor shall provide technical review and recommend engineering solutions for all networks supporting SAPs. The contractor shall ensure information systems security is addressed in each respective Agency sponsored unit’s applicable security SOPs and/or OIs, and incorporated into the overall SETA program. Responsibilities include, but are not limited to, the following:
  • Systems Accreditation: The contractor shall establish and maintain enclave, network and platform Information Technology (IT) accreditation and special approval authorizations, as required, for all networked and stand-alone classified information systems (IS) operating within applicable Agency SCIFs/SAPFs. The ISSO, with assistance from assigned Systems Engineers/Systems Administrators, shall be responsible for development and maintenance of comprehensive Systems Security Plans (SSP)/System Security Authorization Agreement (SSAA), outlining security operating procedures required to provide an acceptable level of protection for each IS and the classified data processed therein. The SSP tasks will include development and maintenance of Protection Level (PL) 2, PL 3, PL 4 and PL 5 SSPs in ICD 503, JSIG, or applicable directive format. Agency ISSM and ISSOs shall review sponsored units’ SSPs for accuracy and completeness prior to submission for approval. The contractor shall prepare any supporting correspondence, review and validate information in SSPs for accuracy, system architecture, configuration and processing level for all packages being submitted to the Air Staff and national accreditation authorities for approval
  • Hardware, Software and Media: The contractor shall assist the GPM, GSSO, and/or USM with monitoring and managing the flow of all IS hardware, software and magnetic media entered into, and removed from the SCIF/SAPF. ISSOs shall ensure each piece of media is scanned for viruses, finalized, and properly marked/labeled prior to initial use with any SCIF/SAPF. ISSOs shall properly research and vet both Commercial Off-the-Shelf (COTS) and Government Off-the-Shelf (GOTS) software identified for use with Agency sponsored facilities. Record findings, identify vulnerabilities, if any, and provide written recommendation before the software can be used in an Agency IS. ISSOs shall also be responsible for development and maintenance of comprehensive SOPs for the continuity of IA processes. This includes, but is not limited to, procedures for software evaluation using the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and National Security Agency (NSA) guide configuration standards for DoD IA and IA-enabled devices/systems or subsequent directives
  • Audits: Execute audits on all SCIF/SAPF computer/information systems IAW JAFAN 6/0, Appendix C, Security Document Retention table, ICD 503, JAFAN 6/3, and AFI 33-202v1, as applicable. Review, analyze and document the results of weekly network/stand-alone audit reports. Audit logs will be retained on file in accordance with the provisions outlined in the above references and each system’s specific SSP
  • Additional IA Measures: The ISSO shall maintain a list of all IS and accreditation status, track all IS system actions, provide weekly status updates (e.g., PSO, AF or national level approval pending, etc.), and formulate a priority matrix for pending IS staffing actions, as directed
  • Training: Perform and document initial training for all personnel prior to granting access to any classified IS, and annual/recurring training thereafter, as directed. The ISSO shall ensure each user is familiar with the procedures and responsibilities outlined in the SSP
  • Configuration Management (CM): Serve as a key member on CM Board and ensure CM is maintained and documented. The ISSO shall coordinate on all Engineering or System Change Requests (ECRs or SCRs) that affect hardware, software, or network changes, and make recommendations concerning possible configuration changes when appropriate
  • Event Approvals: The ISSO shall ensure exercise/test networks are installed and operated in accordance with established directives, and actively participate in the event coordination approval process. The ISSO shall support maintenance of network Memorandums of Agreement (MOA) with external sites; and shall review approvals to test, approvals to configure and connect, external enclave approvals to operate, and network approvals to connect in support of distributed voice and data connectivity for events
  • Data Transfers: As required, perform or assist with all data transfers in accordance with procedures outlined in the respective system’s SSP
  • System Administration: The ISSO will provide system administration support for SIMS, stand-alone workstations and laptops, and other information systems required to complete the unit’s security requirements, as directed
  • Operating System (OS): The ISSO shall have working knowledge and experience with Windows, UNIX, Solaris, and RED HAT operating systems
  • System Vulnerability Announcements: The ISSO shall have working knowledge and experience reviewing, analyzing, and recommending solutions to include software/hardware patches as corrective actions or countermeasures to information system vulnerability announcements (e.g., IAVA, IAVM, IAVB, etc.), as required
  • Guest Systems: As required, create and maintain Guest System approval documentation for systems introduced into the facility (e.g., NIPRNET, SIPRNET, JWICS, NSAnet, etc.)
  • System Security: The ISSO shall assist the government with ensuring all approved systems are operated, maintained, and disposed of in accordance with established policies and practices as outlined in the appropriate SSAA. This includes evaluating hardware and software changes for impacts on security
  • The ISSO shall have working knowledge and experience preparing SSPs/SSAAs (JSIG and ICD 503 C&A Guide format); writing and reviewing plan of action and milestones (POAMs) for SCI and SAP systems; security CONOPs (new and mobile systems); and guest system packages
  • The ISSO shall have working knowledge and experience with information system configuration using security tools
  • The ISSO shall have working knowledge and experience populating SCI and SAP accreditation database (e.g., XACTA, etc.), as required
  • The ISSO shall have working knowledge and experience with SCI and SAR accreditation requirements for Protection Level 1 (PL1) to Protection Level 5 (PL5) systems
  • Clearance: Active TS/SCI security clearance based on a SSBI within the last five years is required
