
Information System Security Officer
- Warner Robins, GA
- $104,650-189,175 per year
- Permanent
- Full-time
- Assessing and monitoring system compliance, auditing, security plan development and delivering information systems security education and awareness.
- Investigating information system security violations and helping prepare reports specifying corrective and preventative actions.
- Conducting technical and administrative assessments.
- Analyzing systems security risks, analyzing findings, and recommending corrective actions to enhance security.
- Integrating new cybersecurity processes, procedures, and tools.
- Supporting the creation, review, and update of cybersecurity documentation and other technical writing.
- The ISSO's primary duties will consist of managing the day-to-day compliance of our classified information systems.
- Auditing information systems to ensure compliance with security policies and procedures while reporting any discrepancies to the ISSM, ISO.
- Assisting in the Risk Management Framework (RMF) authorization process by developing and maintaining artifacts for the Body of Evidence (BoE).
- Reviewing and approving (within authority) Configuration Management (CM) requests so that all associated hardware, software, and security-relevant functions are maintained and documented as part of the CAB/CCB approval process.
- Assisting with sanitization and release of hardware in accordance with security policies or Authorizing Official (AO) guidance.
- Testing/evaluation and application of required technical security controls and periodic inspections of information systems.
- Bachelor’s Degree with 8+ years of experience or a Master's Degree with 6+ years of experience. Additional equivalent work experience may be considered in lieu of a degree.
- US Citizen with at least a TS/SCI clearance.
- Must hold current Security+ or higher certification to be considered; must be able to maintain.
- Cybersecurity, systems security or hardening, Information Technology.
- Compliance-based auditing using the Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM), National Industrial Security Program Operating Manual (NISPOM)
- Experience working with and/or supporting computer technologies (such as databases, operating systems, computer network hardware, software programs, hardware troubleshooting, or electronics).
- Physical security, project or program management, office management, senior administration, or account management.
- Experience with security configurations across multiple operating systems in various environments, to include Windows, Linux, UNIX, utilizing Active Directory/Group Policy, Centrify, etc. is required.
- Highly organized and self-motivated with excellent documentation skills and the ability to work with minimal supervision.
- Experience in performing IT work with Windows or Linux systems is preferred.
- Experience within the IC community
- Experience working in DoD classified operating environments is preferred.
- Experience with various information system security tools that address vulnerability analysis and mitigation. These may include ACAS, SolarWinds, Tenable, SCAP.
- Familiarity with implementation of Government directives and policies derived from NIST, STIG, DoD, or other Government Regulatory compliance standards within a professional industry.
- Experience in the execution of the Assessment & Authorization processes, as defined within the Risk Management Framework (RMF).
- Experience providing technical security consultation for complex, cross-domain, diverse classified networked environments in collaboration with internal/external Customers, Information Technology (IT).
- Familiarity with the execution and management of cyber incident response; preservation, containment, and eradication.