Information Systems Security Officer
The Information System Security Officer (ISSO) shall be responsible for maintaining a network of secured systems. The candidate should have a working knowledge of the Risk Management Framework (RMF) and Security Technical Implementation Guides (STIGs) and associated systems (eMASS/OBMS).
This position develops and implements security plans and implement processes resulting in accredited hardware and software.
Typical duties include:
· Developing and maintaining Risk Management Framework (RMF) artifacts, including POA&M development and review.
· Conducting risk assessments and risk mitigation analyses and developing contingency plans.
· Analyzing the documentation, validation, and accreditation processes necessary to ensure compliance to security and privacy requirements.
· Maintain security posture of the local area network (LAN) and wide area network (WAN) including integrating and connecting to external customer systems and required supporting documentation.
· Direct interaction with federal government stakeholders and accrediting authorities.
· Defining, analyzing and reviewing hardware and software requirements to meet defined and anticipated customer needs, system quality, and performance standards.
· Communicate security requirements to stakeholders and respond to questions/comments.
· Provide guidance and training to Program Management Offices in need of accredited HW, SW, & Services.
· Support other related duties as needs and circumstances dictate
Required Qualifications and Experience:
· B.S. in an applicable engineering or science field, Master's degree preferred
· 5+ years of experience with operational information technology environments, including 3+ years in a DoD environment (including JWICS/SIPRNET/NIPRNET networks)
· 5+ years of experience with system and network vulnerability analysis, risk assessment and risk mitigation analysis, security test and evaluation (ST&E), contingency planning, firewall policy, ports, and protocols
· Network design and implementation including IP addressing, firewall configuration, and multi-level security devices and systems
· Demonstrated proficiency in developing and implementing a Cybersecurity plan for a new operational system resulting in an ATO and/or ATC
· Knowledge of the DoD Authorization and Accreditation (A&A) process and standards as implemented in the NIST Risk Management Framework (RMF)
· Certifications equivalent to IAT Level II, including Security+ CE or above, or equivalent
· Current Active SECRET, Eligible for TS/SCI
Must be willing to travel 10% of the time.
Must be able to lift and move computing and communications equipment weighing up to 40 lbs.
Some after hours /weekend work may be necessary to support priority time sensitive initiatives or computer security incident response activities.
Aurora Flight Sciences is an Equal Opportunity Employer