Information Systems Security Officer (ISSO)-Tactical/Aviation Systems

C

COLSA Corporation

Information Systems Security Officer (ISSO)-Tactical/Aviation Systems

Huntsville, AL
Full Time
Paid
  • Responsibilities

    General Summary:
    Implementing and documenting management, operational, and technical NIST 800-53 security controls for aviation based information technology systems, platforms, and tactical communication equipment to achieve and maintain Authorization (ATO or IATT) under the Risk Management Framework (RMF) in accordance with DOD, Army, NETCOM, and organizational policies

    *Principal Duties and Responsibilities (Essential Functions):

    • Supports the formal testing requirements through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.*

    • Prepares Test Plans and identifies cybersecurity concerns and risks associated with tests and documents effective mitigtions.*
      Identifies where systems/networks deviate from acceptable configurations, enclave policy, or local policy, especially relating to test configurations and interconnections.*
      Updates and maintains enterprise Mission Assurance Support System (eMASS) records for information systems and platforms.*

    • Creates or updates system Authorization Boundary Diagrams, Information or Data Flow Diagrams (ports, protocols, and services), and Security Architectures.*

    • Ensures that assigned IT systems, platforms, or applications can receive an IATT, ATO, or Assess Only Approval.*

    • Identifies and properly documents deviations, vulnerabilities, and mitigations on the system Plan of Actions and Milestones (POA&M) in eMASS, to include importing results from technical scans into eMASS and managing the resulting POA&M items.*

    • Reviews existing documentation and performs edits and updates to ensure the applicable security controls continue to be met and remain effective.*

    • Reviews, creates or updates a variety of DOD and RMF documentation (including but not limited to Security Plans (SP), Configuration Management Plans (CMP), Incident Response Plans (IRP), Contingency Plans (CP), Access Control Policies, and other Assessment & Authorization (A&A) artifacts) as needed.*

    • Identifies the correct applicable Security Technical Implementation Guide (STIG) and Security Requirements Guides (SRG) for technologies used with systems and also test and apply them to the components of the information system.

    • Uses a variety of cybersecurity tools that include, but are not limited to, enterprise Mission Assurance Support System (eMASS), Security Content Automation Protocol (SCAP) Compliance Checker (SCC), Assured Compliance Assessment Solution (ACAS)/Nessus Vulnerability Scanner, Evaluate-STIG, eMASSter, DISA STIG Viewer, etc.

    • Selects, justifies, and obtains approval for the correct impact levels for Confidentiality, Integrity, and Availability as well as identify and implement applicable control overlays for system records.

    • Provides network and security operations technical analysis, assessment, and recommendations.
      Performs detailed analyses to validate established security requirements and to recommend additional security requirements and safeguards.
      Establishes strict program control processes and policies to ensure mitigation of risks and supports obtaining certification and accreditation of systems.
      Advises appropriate leadership (e.g., Information System Security Manager, etc.) of security relevant changes affecting the organization’s cybersecurity posture.

    • Supports customer meetings, integrated product teams, test event planning, providing cybersecurity support as needed.

    _At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our “Family of Professionals!” Learn about our employee-centric culture and benefitshere. _

    Required Skills

    Required Experience

    Required Qualifications

    • Associate's degree or Bachelor’s degree in related field or equivalent experience, advanced degree preferred.
      • Minimum of 3 related certifications may be used in place of unrelated degree field.
    • Minimum of 10 years of work related experience.
    • At a minimum, current and active Security+CE certification, equivalent, or higher DOD 8570/8140 listed certification.
    • Ability to clearly present and communicate technical approaches and findings.
    • Strong written and verbal communication skills.
    • Experience with Assessment & Authorization (A&A) as it relates to achieving Interim Authorization to Test (IATT) or Authorization to Operate (ATO) under the Risk Management Framework (RMF).
    • Experience in working in the DOD enterprise Mission Assurance Support System (eMASS).
    • Experience creating and managing Plans of Actions and Milestones (POA&M) within eMASS.
    • Experience assessing and implementing DISA Security Technical Implementation Guides (STIG) and Security Requirement Guides (SRG) within DOD Information Systems.
    • Self-motivated and able to proactively support customer needs.
    • US Citizenship required
    • DoD Secret security clearance required

    Preferred Qualifications

    • Certified Information Systems Security Professional (CISSP) or other advanced DOD 8570/8140 listed certification.
    • Master’s degree in related field or equivalent experience
    • Knowledge of:
      • Cybersecurity for tactical systems and limited bandwidth or closed restricted networks.
      • Cybersecurity for radio communication systems for tactical or aviation networks.
      • Tactical platform testing events, flight tests, ground tests, or other operational testing of DOD systems and the associated cybersecurity and test authorization (IATT) and documentation processes and procedures.
      • NIST SP 800-53 Rev5 Controls and Procedures
      • Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
      • Information security program management and project management principles and techniques.
      • Army Tactics, Techniques, and Procedures (TTPs), Regulations, processes, and guidance for implementing Cybersecurity.

    Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. COLSA Corporation is an Equal Opportunity Employer, Minorities/Females/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.