Information System Security Officer

Description

Job Description:

The Leidos Defense Group is seeking an Information System Security Officer (ISSO) for a position located at Fort Belvoir VA and/or Adelphi, MD. This position is part of a Sensitive Compartmented Information (SCI) Program supporting the Army C5ISR CSSP. This is an exciting opportunity to use your experience to help an important DoD Cyber mission.

The ISSO will ensure implementation of security features for the detection of malevolent code, viruses, and adversaries. Develops risk assessment reports and remediation recommendations to other IT support personnel and Government Leadership. The ISSO will also ensure the unit’s information systems follow USARMY, DoD, CNSS 1253 and Intelligence Community (IC) guidance and requirements. The ISSO will also support the risk management lifecycle throughout all phases, and insider threat/risk programs. The ISSO supports and upholds the Information Assurance program for Information Systems within Network Environments. The ISSO constructs and implements system information security standards and procedures, ensuring functionality and security of the unit’s Information Systems. The ISSO works closely with the Information System Security Manager (ISSM) and fills the duties of the ISSM as required; many of the RMF requirements dictate ISSM/ISSO approval so the ISSO will be a point of security authority for the information system. The ISSO will also work closely with the Information System Security Engineer (ISSE) that collaborates with the RMF team and the system’s engineers/developers.

Primary Responsibilities

• Oversees Information Assurance and Risk Management Framework processes and performs duties as ISSO for C5ISR CSSP authorization boundary subscribers
• Ensures other IT support personnel monitor all available resources that provide warnings of system vulnerabilities or ongoing attacks
• Communicates with internal and client project team members. Works to implement solution designs and/or processes in hardware, software, data and procedures.
• Coordinates with personnel on system security compliance and Information System Authority to Operate.
• Ensures Configuration management policies and procedures for authorizing the use of hardware/software on an IS are followed
• Coordinates Information Security Reviews, Security Inspections, and Tests
• Assesses system security threats/risks
• Validates system security requirements definitions and analysis
• Assists with assessment and authorization process as needed
• Tracks and validates security incidents and may be required to investigate, document, report, and provide future protective and corrective measures in response to such incidents
• Ensure proper measures are taken when an incident or vulnerability is discovered
• Leads Leadership Briefings on system security compliance and Information System Authority to Operate (ATO) compliance, expiration and actions
• Implements the Risk Management Framework (RMF) methodology to successfully implement an information technology process which shall effectively protect the element's information assets and its ability to perform its mission
• Reviews evidence and artifacts provided by the ISSE for determination of the RMF controls’ compliance
• Creates documentation (e.g., plans and policies) to satisfy the compliance of RMF controls
• Populates and maintains RMF database (eMASS) with bodies of evidence to support system authorization actions, and verbiage to answer controls and their control correlation identifiers (CCIs)
• Collaborates with the Program Managers, Government Information Assurance Program Managers, ISSMs, engineers and configuration managers to maintain an effective risk assessment process.
• Ensures data stewardship (confidentiality, integrity, and availability) is established for each IS, and specific requirements are enforced
• Is attentive to any security advisories and alerts from DoD, USCYBERCOM, and other authoritative sources and ensures the system complies with them
• Monitors system authorization boundary’s logs for any unauthorized actions and remains cognizant of alerts/notifications to ISSM/ISSO
• May transition to ISSM role in future, as growth opportunity

Basic Qualifications

• BS & 8-12 years of prior relevant exp in Information Security; or Masters with 6-10 years of prior relevant exp in Information Security; Additional experience may be considered in lieu of a degree.
• 10 + years of experience within the information technology job field.
• Must possess a current DoD Top Secret/SCI clearance single-scope background investigation. TS with current SCI eligibility accepted.
• Knowledge of RMF process, eMASS workflow tools
• Knowledge of DoD policies and procedures relating to information technology
• Experience working with cloud computing and infrastructure (AWS, Azure, etc.)
• Maintains currency of required DoD/USARMY trainings
• Per DoD Approved 8570 Baseline Certifications, obtains and/or maintains required Cyber Security Service Provider (CSSP) Auditor certification AND IAM Level II certification

Preferred Education/Qualifications:

• Bachelor’s degree in a STEM discipline (Computer Science, Engineering, Mathematics, etc.)
• AWS Security Engineering Course
• ISC2 Certified Information Systems Security Professional Course
• ISC2 Certified Cloud Security Professional Course
• Experience working with Jira and Confluence
• Experience with USARMY systems/tools/implementations

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.