Amentum is seeking an Information Systems Security Officer (ISSO) to provide direct support to our government customer under the Aerial Targets Contract at Tyndall AFB, FLThe ISSO’s performance shall demonstrate:
High analytical and troubleshooting skills
Effective prioritization of needs, requirements, and other issues
Excellent written and verbal communication
Leadership, followership, and teamwork
Exceptional interpersonal skills and conflict resolution
Dedication to continuous IT learning, research, and skill development
High motivation, self-starter, requiring little direction
The ISSO’s responsibilities include, but are not limited to:
Ensuring the appropriate operational security posture for assigned Platform IT (PIT) systems in coordination with the Information System Security Manager (ISSM)
Development of a comprehensive security plan for multiple PIT systems
Develop plans and associated artifacts addressing Remanence Security (REMSEC), Computer Security (COMPUSEC), Communications Security (COMSEC) and Operations Security (OPSEC) practices and procedures
Participate in all facets of the Risk Management Framework (RMF) process with associated tasks for assigned PIT systems in accordance with (IAW) Air Force Instruction (AFI) 17-101
Notify ISSM and/or appropriate authority of classified spillages/incidents IAW Incident Response Plan
Research, develop, implement, test and review organization's information security program in order to protect assigned PIT systems
Implement and maintain security controls in accordance with the System Security Plan and Department of Defense (DoD) policies
Conduct cybersecurity activities related to maintaining situational awareness
Instruct users and PIT system administrators about security measures and potential threats
Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of systems
Ensure all required hardware equipment and software applications are approved and current through the appropriate agencies
Install software, implement security measures, and monitor computer systems/networks
Gather data necessary to maintain security and establish functioning external barriers such as firewalls, Cross Domain Solutions, and other security devices or measures
Assess the impacts of modifications and current or future technological advances on PIT systems
Review systems to identify potential security weaknesses, recommend vulnerability mitigations, implement changes, and document upgrades
Work with the PIT systems’ configuration control authorities for needed implementations and documentation changes/additions
Perform periodic Information Assurance scans of assigned PIT systems referencing the latest DoD Security Technical Implementation Guides (STIG) or Security Requirements Guides (SRG)
Formulate scan reports and provide the results to the appropriate authority
Determine which controls are applicable to the application thorough understanding of Committee on National Security Systems Instruction (CNSSI) 1253 and NIST SP 800-53/800-171 controls
Author a Plan of Action & Milestones (POAM) when required
Provide support for systems across the entire Assessment and Authorization (A&A) process
Define, create, update, and maintain the documentation for Final Risk Determination and Authorization Decision of each PIT system in accordance with US Government requirements
Document, monitor, update, scan, and manage PIT systems to maintain an acceptable security posture and to achieve an Authority to Operate (ATO), ATO with Conditions, Interim Authority to Test, and, when applicable, Authority to Connect across the various local and deployed locations
Prepare A&A PIT system documentation for submission to the appropriate Authorizing Official
Types of artifacts that will be required:
System and Network Diagrams, Topologies, and Information Flow Drawings
Hardware and Software Lists
Plan of Action & Milestones
Risk Assessment Report
Security Technical Information Guides (STIG)
Security Requirements Guides
Request or Manually Inherit Security Controls in Enterprise Mission Assurance Support Service (eMASS)
Firewall Modifications for Ports, Protocols, and Services
Change Control Board Charter and Documentation
Incident Response Plan
Contingency Plan
Configuration Management Plan
Continuous Monitoring Plan and Strategy
Security Content Automation Protocol (SCAP) Scan Results
Information Assurance Vulnerability Alerts, Bulletins, and Advisories
Security Controls Traceability Matrix
Required qualifications :
5 years of relevant experience with bachelor’s degree in relevant field or 3 years of relevant experience with master’s degree in relevant field
Experience working with databases, networks, hardware, firewalls, cross-domain solutions and encryption in a cybersecurity role
Experience implementing RMF methodology to accredit assigned systems through the A&A process
Experience establishing and updating eMASS for assigned systems
Experience using Assured Compliance Assessment Solution (ACAS) to identify vulnerabilities
Experience using Security Content Automation Protocol (SCAP) to verify compliance
Hold a current DoDD 8140 IAM Level II or higher certification (CGRC, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, or HCISPP)
Proficient using Microsoft Windows and Linux Operating Systems
Proficient using Microsoft Office Professional Suite and applications
Must be able to work outside the normal 9-5 workday, when required
Must be able to travel and work in secure, windowless facilities
Must be a U.S. Citizen
Must have at minimum an active U.S. Secret security clearance
Must have a valid driver’s license
Desired experience:
Experience with Air Force Cyber Security Processes and Policies such as AFI 17-101, RMF Knowledge Service, AFI 17-130, AFMAN 17-1301, AFMAN17-1303, AFSSI 7700, AFSSI 7702, AFSSI 7703
Experience applying NIST SP 800-30 R1, NIST SP 800-37 R2, NIST SP 800-60 Vol 1 & Vol 2 and NIST SP 800-137 for PIT Systems
Experience with maintaining systems per DoDI 8500.01, DoDI 8510.01
Experience with DoDI 5000.02 and NIST SP 800-160, Systems Security Engineering
Experience with Appendix III to OMB Circular A-130, AFI 17-110, and AFMAN 17-1402
Experience with Vulnerability Remediation Asset Manager
Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran’s status, ancestry, sexual orientation, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law.Labor Law Posters (https://postings.govdocs.com/#/vxSkbztPuAwwxfs)EEO including Disability/Protected Veterans