INFORMATION SYSTEMS SECURITY OFFICER (ISSO), Kirtland AFB, NM

Delaware Resource Group Of Oklahoma
Full-time
On-site
Kirtland AFB, New Mexico, United States
Information Systems

Job Details

RATS AFSOC KIRTLAND - Kirtland AFB, NM
Full Time
4 Year Degree
As Required
Any

Description

Job Description: The RATS CLS/TSSC Program ISSO shall execute program requirements in accordance with DoDD 8140.01, DoD 8570.01-M and AFMAN 17-1303. The Program ISSO shall comply with the Defense Acquisition Regulations (DFARS) 252.239.7001 and shall hold the qualifications for Information Assurance Technician (IAT) Level II. The ISSO possesses a DoD-approved cybersecurity baseline certification commensurate with the category and level of the assigned position.

Essential Duties and Responsibilities:

  • Assist the System Program Office (SPO) Information System Security Manager (ISSM) in the oversight, policy, procedure development, and related functions in compliance with:
      • National Industrial Security Program Operating Manual (NISPOM)
      • DoDI 8510.01 Risk Management Framework (RMF) for DoD Information Technology (IT)
      • Committee on National Security Systems Instruction (CNSSI) 1253
      • National Institute of Standards and Technology (NIST) Special Publication 800-37 Rev 1 Guide for Applying the Risk Management Framework to Federal Information Systems
  • Conduct initial and periodic analysis and secure configuration of any Commercial Off-the-Shelf (COTS) and/or Non-Developmental Items (NDI) to ensure that they are appropriately configured, software/hardware/firmware is controlled, and that any unique risks posed are mitigated.
  • Implement all Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) applicable to any IA-enabled system components.
  • Maintain and update completed Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs), and a Security Content Automation Protocol (SCAP) Benchmark checklist for each product (operating system or applicable software).
  • Conduct vulnerability scans on Aircrew Training Devices (ATDs) and information systems (ISs) using an Air Force-approved scanning tool (currently Assured Compliance Assessment Solution (ACAS)); prepare and analyze test results, identify potential security vulnerabilities, and provide guidance on mitigating risks in support of developing a Plan of Action and Milestones (POA&M) for each site.
  • Manage all cybersecurity compliance activities utilizing eMASS as the system of record. If there is no SIPR access in the facility, the ISSO shall obtain a courier card to transport ACAS scans and enter the results in SIPR eMASS.
  • Maintain an acceptable baseline of cybersecurity controls within eMASS in order to achieve and maintain an Authority to Operate (ATO) for the system.
  • Update and maintain all required RMF artifacts, which may include drafting new documentation updated with industry standards.
  • Review newly discovered vulnerabilities to detect compliance and risk issues associated with the organization's ATO; identify issues that will affect the ATO status and correct them.
  • Report a potential security violation to the Program Office ISSM and the SPO within 8 hours or NLT the end of the duty day after detection.
  • Review documented cybersecurity policy; ensure program compliance with documented policy and identify any disconnects; record non-compliant items as POA&M entries in eMASS along with a schedule to fix each issue.
  • Review cybersecurity documentation and update documentation to maintain compliance with changing Air Force policy and/or industry best practices.
  • Ensure system recovery processes are monitored to ensure that security features and procedures are properly restored.
  • Conduct weekly system audits of both automated and manual audit logs.
  • Ensure configuration management for security relevant software, hardware, and firmware is documented and maintained.
  • Complete the required documentation necessary to maintain EMSEC certification of all classified areas, rooms, or systems.
  • Maintain and submit updates to the cybersecurity scorecard.
  • Support development of the Program Protection Implementation Plan (PPIP).
  • Apply all STIGs to the system on an ongoing basis to remain in compliance with the GBTS Continuous Monitoring Plan and maintain the ATO of the system.
  • Maintain Active Directory, manage accounts, maintain and administer Group Policy, and apply updates, patches, and antivirus software. System administration duties also include hardware maintenance, troubleshooting, diagnostics and repair, software lifecycle maintenance, and maintaining the ACAS servers.

Other duties as assigned.

Qualifications

Education and/or Experience:

  • Position requires a minimum IAT II certification level, a DoD-approved cybersecurity baseline certification.
  • 4-year degree.
  • Experience as a flight simulator maintenance technician or equivalent.
  • DOD Contractor experience.
  • AFSOC platform experience.

Supervisory Responsibilities

As Required

Security Clearance and Responsibilities

  • Must possess IAT Level II Certification.
  • Must either have a current security clearance or be fully eligible for the requisite clearance.
  • Must comply with all company Information Systems security policies and procedures.
  • Employees will be responsible for proper handling of classified information, materials, and equipment.
  • Employees will be required to execute a non-disclosure agreement prior to accessing controlled information.

Qualifications

Candidate must be able to perform each duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Must have good knowledge of computer networks.
  • Must exhibit high performance and capability to work in a team environment.
  • Must be able to work independently, with minimal supervision.
  • Strong communication and interpersonal skills are required.
  • Must be proficient in Microsoft Excel, PowerPoint, and Word.
  • Must be able to effectively deliver oral presentations to management and customers.
  • Must be able to work overtime as required.
  • Must be willing to work any shift or day of the week as required.

Language Skills

Must have the ability to read, analyze, and interpret the most complex word and technical documents/diagrams. Ability to read, analyze, and interpret English language professional journals, technical procedures, government specifications or industry standards. Will be required to respond effectively to sensitive inquiries and complaints. Ability to write reports, business correspondence, and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, and customers. Must be able to generate effective oral and written presentations and proposals on complex subjects.

Mathematical Skills

Must be able to calculate figures and amounts, prices, commissions, and percentages, and to draw and interpret graphs. Ability to produce, understand, and interpret mathematical equations and algorithms associated with simulation modeling and design.

Reasoning Ability

Must be able to define problems, collect data, establish facts, and draw valid conclusions. An ability to interpret complex customer requirements and attitudes from verbal, non-verbal, and written communication is desirable. Ability to read and understand electrical schematics and drawings.

Certificates, Licenses, Registrations

IAT Level II

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Must be able to lift and/or move at least 50 pounds.
  • Must be able to walk and/or climb stairs and a ladder into a simulator or airplane cockpit.
  • Must be able to stoop, bend, and crawl on top or under the device.
  • Must be able to detect odors or hear noises, bangs, etc., or other sounds to detect problems or flaws in the functioning of simulators and their surrounding environment.
  • Must be able to distinguish colors.
  • Domestic and international travel as required.

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Shop floor environment.
  • Will be working in areas with risk of electrical shock from moving mechanical parts driven by hydraulics under high pressure.
  • Will at times be exposed to the following conditions: extreme heat, airborne particles, and loud noises.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, or national origin. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability.