Information Systems Security Officer - Security
York Space Systems · Grand Forks AFB, ND · 2 wk ago
Information TechnologyFull-time
Responsibilities
- Oversee day-today operations required to perform RMF
- Delegate tasks and create deadlines to meet security requirements
- Be forward facing for customer interactions which will translate into system requirements
- Spearhead building RMF packages within eMASS and perform continuous monitoring for the full duration of the information system lifecycle
- Implement the Risk Management (RMF) process throughout the entire A&A lifecycle of the system(s) or multiple ATOs across different locations, supporting all efforts pre and post Authority to Operate (ATO) determination
- Aid the ISSM in meeting their duties to support A&A activities and coordinate with system’s Security Controls Assessor (SCA) and Authorizing Official (AO)
- Perform and review technical security assessments of the system(s) to identify points of vulnerability, non-compliance with established cybersecurity standards and regulations, and recommend mitigation strategies to maintain operational security posture for the boundary systems
- Create and maintain Plan of Action and Milestones (POA&Ms), System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), Standard Operating Procedures (SOPs), Configuration Management Plans, Contingency Plans and Test Result/Security Impact Analyses
- Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media
- Conduct continuous monitoring (ConMon) activities for applicable authorization boundaries
- Apply and maintain up to date application of Security Technical Implementation Guides (STIGs) to required components of the information systems
- Maintain inventory and asset configuration to include change management documentation
- Lead System level change request through formalized Configuration Control boards (CCB)
- Ensure that the appropriate operational security posture is maintained for the information system, working in close collaboration with the information system owner and the ISSM
- Notify ISSM when changes occur that might affect the authorization determination of the information system(s)
- Report all security-related concerns and incidents to the ISSM
Requirements
- Experience developing and documenting DoD Assessment and Authorization documentation
- Knowledge of CNSSI 1253, NIST 800 Series (primarily 800-53, 800-53A, 800-171), RMF
- 3+ years of IA/Cyber Security experience
- Bachelor’s degree or higher in Computer Science or Security
- Security+ certification
- CEH or equivalent
- Experience with DCSA tools such as eMASS, STIGs and SCAP
- US Citizenship and Active TS clearance or higher