Information Systems Security Officer (ISSO)

Job Description

Security Clearance: Active Top Secret required

Responsibilities

• Ensuring that day to day security is maintained for assigned information systems
• Ensuring all Information Systems (IS)s are operated, maintained, and disposed of in accordance with security policies and practices outlined in the FBI's Information System Security Assessment (ISSA) Handbook and NIST publication series NIST 800-53
• Ensure that all users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities before they are granted access to the IS
• Initiate protective and corrective measures when a security incident or vulnerability is discovered
• Monitor system recovery processes and ensure the proper restoration of an IS security features
• Ensure Configuration Management (CM) for security-relevant IS software, hardware, and firmware is documented and maintained
• Support certification activities throughout the ISSA process (previously known as Certification and Accreditation process);
• Ensure that system security requirements are complied with, unless waived during all phases of the system lifecycles
• Establish audit trails and ensure their review, and make them available, when required, to the Chief Security Officer (CSO) or the Information System Security Manager (ISSM);
• retain audit logs in accordance with Department of Justice (DOJ), Office of Director of National Intelligence (ODNI) and/or FBI policy
• Ensure awareness and precautionary measures are exercised to prevent introduction and/or proliferation of malicious code; manage review and release of media and/or memory components
• Ensure general users and privileged users are trained-in the specific knowledge needed for them to safely operate and maintain the ISs to which they have access, including general security awareness and specialized privileged user training
• Disseminate, control, and manage the issuance of user identifications and passwords for assigned ISs, and provide authorized lists to appropriate system administrators.
• Develop, implement, and enforce information systems security policies
• Maintain System Security Plans (SSPs) and all other system security documentation
• Development of other required system plans: Configuration Management Plan (CMP), Contingency Plan (CP), Continuity of Operations (COOP) and Disaster Recovery Plan (DRP) (as required), and Incident Response Plan (IRP)
• Support risk assessment and evaluation activities throughout the Certification and Accreditation (C&A) or site accreditation process
• Able to implement and maintain continuous monitoring
• Establish audit trails, ensuring their review and reporting all identified security findings

Qualifications

• 5-years work experience in cyber security related field, preferably as an ISSO, required
• Active Top Secret Clearance required
• Current CISSP certification required
• Experienced using and operating security tools such as, but not limited to: Tenable’s Nessus and/or Security Center, IBM Guardium, HP WebInspect, or like applications, and Network Mapper, (NMAP)
• A Bachelors or Advanced Degree in Computer Science, Cybersecurity, Mathematics, or Engineering is highly desirable

Additional Information

All your information will be kept confidential according to EEO guidelines.