Kavaliro
ISSO II
Kavaliro, Virginia Beach, VA, United States
Essential Duties & Responsibilities
- Perform the duties of an Information System Security Officer (ISSO) as defined in AR 25-2, DA 25-2-14, and the NIST SP 800-53 security controls when the organizationally-defined personnel includes the ISSO
- Actively manages the organization's eMASS records which includes but is not limited to:
- Validates security controls including associated artifacts
- Assesses security scan results and STIGs as required
- Performs POA&M updates, tracking, and resolution
- Leads the continuous monitoring activities of the organization
- Manages the day-to-day activities and the professional development of the Cybersecurity Analysts
- Collaborates with the O-ISSM on all assessment and authorization activities to ensure the information systems maintain an authority to operate (ATO) on all applicable DoD/IC networks
- Maintain up-to-date status on all assigned systems and communicate status to the Government leads
- Maintain complete records of communications, submit written status reports as required, perform peer-review as directed, and attend weekly meetings
- Correspond with the Government customer and system administrators to communicate any unacceptable risks identified and correct deficient POA&M items to meet DoD and IC standards
- Coordinate with the Security Control Assessor (SCA) to perform analysis of the overall risk level the system poses to enterprise networks and to mission data
- Create and maintain cybersecurity policies and standards
- Ensure that cybersecurity plans, controls, processes, standards, policies, and procedures are aligned with cybersecurity standards
- Ensures security scans and STIG checklists are updated according to DA G2 policy
- Produces actionable, risk-based reports on security assessment results
- Assists with vulnerability remediation when necessary
- Develops and maintains security plans and security testing plans
- Periodically updates and improves risk models; metrics; reports; processes; and activities to stay compliant with evolving DoD and IC standards
- Ensures the user community understands and adheres to necessary procedures to maintain security posture of the information systems
- Provides guidance in the creation and maintenance of Standard Operating Procedures (SOPs); Tactics, Techniques, and Procedures (TTPs); and other similar documentation
- PhD in an area of Science, Technology, Engineering or Mathematics with 15+ years' experience as a cybersecurity professional OR a Master's degree in an area of Science, Technology, Engineering or Mathematics with 18+ years' experience as a cybersecurity professional OR a Bachelor's degree in an area of Science, Technology, Engineering or Mathematics with 20+ years' experience as a cybersecurity professional
- Active TS security clearance and eligible for SCI and NATO read-on prior to starting work
- Meet the DoD requirements for a privileged user on a TS/SCI information system prior to starting work - DoD 8140 / 8570.01-m requirements
- 15+ years' experience with the assessment and accreditation activities of national security systems (NSSs)
- 10+ years' experience validating system security controls
- 10+ years' experience with vulnerability management
- 10+ years' experience with DISA Security Technical Implementation Guides (STIGs), DISA Security Requirements Guide (SRG), and vendor-specific security guides
- 8+ years' experience with RMF and eMASS
- 5+ years' experience with POA&M tracking and resolution
- 3+ years' experience performing the continuous monitoring of system security controls
- 10+ years' experience as an ISSO on Army Intel programs
- 2+ years' experience with AC2SP tenant assessment and accreditation activities