Information Systems Security Officer, Tactical Mobility (TacMo) in Ridgecrest, CA at DCS

Date Posted: 7/11/2022

Job Description

Information Systems Security Officer (ISSO), Tactical Mobility (TacMo).

The TacMo IPT develops and delivers innovative, custom software and hardware solutions/products that make it possible to securely execute mission requirements and support integrated warfighting capabilities, meeting current and emerging critical fleet needs. TacMo’s in-house organic and agile capabilities, which take systems from concept through design and into fabrication and prototyping, allow for rapid release outside of traditional waterfall product life cycles.

Essential Job Functions:

Responsible for various Information Assurance and Cybersecurity (IA/C) requirements in the Department of the Navy (DON) environment to secure computing through Risk Management Framework (RMF) processes and procedures. Perform the duties of an Information Systems Security Officer (ISSO) in cradle-to-grave authorization boundary project planning and execution activities.

Ensure proper Configuration Management (CM) procedures are followed prior to implementation and contingent upon an established approval process. Initiate requests for temporary and permanent exceptions, deviations, or waivers to IA/C requirements. Advise appropriate senior leadership or Authorizing Official (AO) of changes affecting the IA/C posture of the organization and its programs.

Follow DON Security Assessment and Authorization (A&A) processes and author and maintain A&A artifacts/documentation.

Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.

Identify security requirements specific to an IT system in all phases of the system life-cycle.

Ensure that protection and detection capabilities are acquired or developed using the Information System (IS) security engineering approach and are consistent with organization-level IA architecture.

Conduct security vulnerability assessments of systems and networks and provide technical recommendations and guidance on mitigating risks.

Perform Information Assurance Vulnerability Management (IAVM) compliance and reporting; security control analysis, testing, and compliance reporting.

Ensure that IA/C inspections, tests, and reviews are coordinated for the network environment.

Ensure that IA/C requirements are integrated into the continuity planning for that system and/or organization(s).

Ensure Plans of Actions and Milestones (POA&M) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, and inspections in accordance with RMF controls and the System Security Plan.

Recognize a possible security violation and take appropriate action to report the incident, as required.

Supervise or manage protective or corrective measures when an IA incident or vulnerability is discovered.

Support necessary compliance activities (e.g., ensure system security configuration guidelines are followed, compliance monitoring occurs, etc.).

Work with the client to ensure all PHYSEC/OPSEC/COMSEC/TEMPEST guidance is met and work towards successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals.

Maintain DON Application and Database Management System (DADMS) information for client software lists.

Conduct regular user security-awareness training.

Evaluate cost-benefit, economic, and risk analyses in the decision-making process.

Participate in an information security risk assessment during the Security Assessment and Authorization process.

Participate in the acquisition process as necessary, following appropriate supply chain risk management practices.

Participate in the development or modification of the computer environment IA security program plans and requirements.

Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.

Provide system related input on IA security requirements to be included in statements of work and other appropriate procurement documents.

Recommend resource allocations required to securely operate and maintain an organization.

Required Skills:

Due to the sensitivity of customer related requirements, U.S. Citizenship is required.

A high school diploma with 7 years of IT experience is required. Will also consider an Associate's degree with 2 years of IT experience.

Must be able to obtain and maintain a security clearance for the duration of employment.

Experience with reviewing DISA Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs) or Security Readiness Review (SRR) scripts and evaluating them against Information Technology (IT) systems.

A current DoD 8570.01-M Information Assurance Manager (IAM) Level I certification is required or must be completed within the first six months of hire.

Must have knowledge of standalone and closed-loop non-Department of Defense Information Network (DoDIN) authorization requirements.

Enthusiastic, experienced and teachable Cybersecurity/Information Security professional with RMF A&A and hands-on IA/C operational experience.

Must be able to provide exemplary customer support as well as achieve a high level of regulatory compliance in a security sensitive environment.

Must be able to manage multiple tasks across different departments.

Desired Skills:

Bachelor's Degree in an IT discipline.

Minimum of 2 plus years of RMF experience (hands-on developing A&A packages, reviewing NIST 800-53 security controls for DoD systems, and performing risk assessments to develop a plan of actions and milestones (POA&M)).

Minimum of 1 year experience conducting Navy A&A validations (Entry/Intermediate/Fully-Qualified Navy Validator).

System Administrator experience with DoD systems (Information Assurance Technical (IAT) Level I/II/III certifications).

Experience with vulnerability assessment automated tools (Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP) tools, Host Based Security System (HBSS) tools).

Experience with using the Enterprise Mission Assurance Support Service (eMASS) tool.

Experience with Operational, Research Development Test & Evaluation (RDT&E)-connected DoDIN and Platform IT (/interconnected) authorization requirements.

Experience working in a regulatory and security sensitive environment.

Experience with cyber-security audits or inspections.

Job Requirements

3934
