Information System Security Officer (ISSO) Level II (IMC00457)
San Angelo, TX
Dependent on qualifications
|Mandatory Job Requirements:||
|Applications Accepted By:||
Email: Michelle Might, Corporate Recruiter, email@example.com
Email Subject Line: ISSO Level II (IMC00457)
The ISSO will work as part of a team on a project for a federal government agency to assist in the daily execution of system and network administration duties for 17 Training Support Squadron Cyber Operations. The ISSO will support the Information System Security Managers (ISSM) in the execution of 17 TRG cybersecurity programs.
Responsibilities: The position will include, but is not limited to, the following tasks:
- Maintain awareness of Authorizing Official directed changes affecting the organization's cybersecurity posture.
- Collect and maintain artifacts needed to meet system cybersecurity reporting.
- Ensure that information system changes are evaluated and implemented as required.
- Coordinate cybersecurity inspections, tests, and reviews.
- Ensure that new and revised security requirements are integrated into continuity plans.
- Evaluate development efforts to ensure that baseline security safeguards are appropriately installed.
- Identify information technology (IT) security program implications of new technologies or technology upgrades.
- Manage the monitoring of information security data sources to maintain organizational situational awareness.
- Execute the privileged account access review and authorization program.
- Accomplish information security risk assessments.
- Provide input for the development and/or modification of cybersecurity policies and procedures.
- Recognize security violations and implement the incident response plan.
- Open trouble tickets when a vulnerability is discovered.
- Review weekly, and as directed by an ISSM, audit logs and communicate items of concern to the appropriate ISSM(s).
- Communicate security issues from the change management process to relevant personnel.
- Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.
- Generate plans of actions and milestones, and ensure remediation plans are valid and executable for deficiencies identified during risk assessments, audits, inspections, etc.
- Review trouble tickets and close tickets after validating appropriate fix actions have been completed. Ensure ongoing tickets are assigned to appropriate personnel.
- Authorize standard user accounts following appropriate guidance.
- Review DISA Intelligence Community Vulnerability Management (ICVM) updates.
- Download and update Assured Compliance and Assessment Solution (ACAS) feeds and plugins, when required. Generate reports and open trouble tickets for new findings.
- Perform monthly, and as directed by an ISSM, hardware and software inventory scans and upload findings to appropriate SharePoint or file share, per the SOPs.
- Perform security control assessments, and generate and upload artifacts into eMASS and Xacta, under ISSM direction.
Basic Required Qualifications and Skills: Note: These are mandatory items that all candidates must have when making application to IMC for this position. Please ensure that your submission addresses each of these requirement items. Candidates without these required elements will not be considered.
- At start date, must possess current Information Assurance Technical (IAT) Level II certification – in ACTIVE status:
- Security+ CE
- CySA+ (formerly CSA+)
- CCNA Security
- 3+ years on-the-job experience in organizational cybersecurity program management. Must have experience in implementation of IT security measures and procedures, including reporting incidents to the Information System Security Manager (ISSM) and other designated reporting chains, and coordinating system level responses to unauthorized disclosures.
- 3+ years’ experience in no less than three of the following:
- Security Center
- Nessus Manager
- Log Correlation Engine
- Nessus Scanner
- SCAP Scanner
- 3+ years’ experience in the following skillsets:
- Risk Management Framework
- Design, implement, and maintain Incident Response Plan
- Perform Security Control Assessments
- Audit Log reviews
- Generate plans of actions and milestones (POA&M)
- SCAP Scanner
- Ability to communicate proficiently (both verbally and in written form) with an array of individuals, including management, senior officials, and others.
- A self-starter with a strong work ethic who sets high standards for self and others and demonstrates enthusiasm for the mission of the team.
- Due to a customer requirement, as a condition of employment for this position, the successful candidate will be required to obtain and provide proof of COVID-19 vaccination prior to commencing employment.
- Pursuant to a government contract, this specific position requires U.S. Citizenship.
- All applicants must have current DoD TS/SCI clearance eligibility day one and prior to entry on duty.
Desired Qualifications and Skills: It is desirable that the candidate has the following qualifications:
- Associates degree or higher degree in Information Technology or Information Management.
- IAT Level III certification in ACTIVE status.
Innovative Management Concepts, Inc. (IMC), a Service-Disabled, Veteran-Owned Small Business, provides a broad range of information technology services to government and commercial clients. Since its founding in 1989, IMC has offered solutions and expertise in: IT operations and maintenance, cyber security, systems and network engineering and support services, data management, cloud/hosting services, software engineering and development, website services, software quality assurance and testing (including IV&V), and project management. IMC is certified in International Organization for Standardization (ISO) 9001 Quality Management, ISO 27000 Information Security Management System, and ISO 20000-1 Information Technology Service Management. Find out more about IMC at www.imcva.com.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law.