• Job Description

  Req#: 488889

  SUMMARY:

  An Information Systems (IS) Security Officer (ISSO) is an individual responsible for ensuring the appropriate technical and operational security posture is maintained, specified, installed, and supported as required. The ISSO ensures that information systems comply with regulations and customer requirements defined in DoD 5220.22-M (NISPOM), DAAPM, NIST-SP 800-53, NIST SP 800-171, CMMC, and other applicable requirements and guidance. The ISSO is also responsible for planning and responding to and correcting service outages and other information system issues.

  
  

  The ISSO is responsible for system security implementation and administration in conjunction with the company Information Systems Security Manager (ISSM) and all duties and responsibilities in supporting the ISSM. This is a hands-on position that includes analysis of requirements, proposing solutions, implementation, and on-going support of the IS infrastructure. The objective of this position is to meet requirements while continually improving operating efficiencies by enhancing the IS processes.

  
  

  ESSENTIAL DUTIES AND RESPONSIBILITIES:

  • Perform general administration and conduct routine security audits of systems and software.

  • Perform regular backups, ensure integrity of backup systems & media for all systems in accordance with approved policies and procedures.

  • Participate in risk assessment procedures for verification of Assessment and Accreditation RMF safeguards.

  • Apply updates, patches and configuration changes to systems;

  • Document all system changes and security activities as required;

  • Administrator user account information and ensure all proper account management documentation is completed prior to adding/deleting IS accounts.

  • Maintain security-related and system related documentation and ensure it is accessible to appropriate individuals

  • Ensure security controls are applied to software, hardware, and firmware according to appropriate security configuration guidelines (e.g., Security Technical Implementation Guides (STIGs)/Security Requirement Guides (SRG)).

  • Participate in incident response by applying protective or corrective measures, in coordination with the security manager, when a security incident or vulnerability is discovered.

  • Report security incidents or vulnerabilities to the ISSM and FSO

  • Maintain network security.

  • Conducting periodic assessments of authorized ISs and providing corrective actions for all identified findings and vulnerabilities to the ISSM.

  • Conduct vulnerability and compliance assessments of the information systems.

  • Complete required technical and security training relative to assigned duties.

  • Continuously monitor and report improvements for information systems.;

  • Support system users with technical requests and keep them informed of progress and updates;

  • Works with Information System Technology and Security Department on enterprise cyber security initiatives.

  • Act as a backup for ISSM-related tasks on all accredited systems, including documentation updates, user security briefings, and auditing.

  • Adhere to all policies and procedures for information security and risk management.

  • Coordinate the inclusion of other staff and technical resources as necessary.

  • Perform other tasks as assigned by supervisor.

  QUALIFICATION REQUIREMENTS:

  To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  EDUCATION and/or EXPERIENCE:

  Bachelor’s degree in a technology related field (Information Systems, Cyber Security, Computer Science, Network Infrastructure, or similar) or 5 years of related work experience.

  LANGUAGE SKILLS:

  Ability to read, analyze, and interpret common professional literature. Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community. Ability to effectively present information to management, and colleagues.

  CERTIFICATION:

  To have or acquire within 6 months of hire date, any one of the following Certificates:

  Security + CE SSCP

  CySA + CCNA Security

  GICSP  GSEC

  MATHEMATICAL SKILLS:

  Ability to comprehend and apply basic mathematical skills.

  COMPUTER SKILLS:

  Experience with implementation, configuration, and management of Microsoft Windows and Linux operating systems. Experience with implementing and troubleshooting computer networks. Experienced and proficient in the use of standard personal computer software tools; including word processors, spreadsheets, presentation graphics and databases.

  REASONING ABILITY:

  Ability to define problems, collect data, establish facts, and draw valid conclusions.

  CITIZENSHIP:

  U.S. Citizenship. Must be able to obtain a Secret Level Clearance

  
  

  PHYSICAL DEMANDS:

  • The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle, or feel objects, tools, or controls; reach with hands and arms; and talk or hear.

  • The employee is frequently required to stand; walk; climb or balance; and stoop, kneel, crouch, or crawl.

  • The employee must regularly lift and/or move up to 10 pounds, must frequently lift and/or move up to 25 pounds, and must occasionally lift and/or move up to 50 pounds.

  • Specific vision abilities required by this job include close vision, color vision, depth perception, and the ability to adjust focus.

  
  

  WORK ENVIRONMENT:

  • The work environment characteristics described here are representative of those an employee may encounter while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • While performing the duties of this job, the employee is occasionally exposed to fumes or airborne particles, electrical shock, moving parts and vibration.

  • The noise level in the work environment is usually quiet.

  • The employee is occasionally required to work holidays, weekends and odd shifts.

  • The employee will regularly work within a secured area which will not allow cellphone use

  
  

  OTHER REQUIREMENTS:

  • May require some travel

  • Comply with company policies and procedures and work instructions

  • Follow company standards of professionalism

  • Treat customers and coworkers with respect

  • Be honest and dedicated in your work

  • Follow directions of supervisory and management staff

  • Comply with Company quality standards

  • Maintain a professional appearance and comply with any company dress code

  DESIRED SKILLS:

  This job has room for extended experience and certifications that deal primarily with cybersecurity. The items listed below are representative of the additional knowledge, skill, and/or ability that would be an enhancement to the position.

  • Experience or working knowledge of vulnerability and compliance scanning. ACAS, SCAP, STIG Compliance

  • Experience implementing STIG's, CIS Benchmarks, SRGs or other technical security controls.

  • Experience with basic networking, TCP/IP, network switch configuration, VLANs, basic routing

  • Experience with Risk Management Framework (RMF)

  • Experience with security control assessment and reporting

  • Experience with eMASS or other systems of record for Assessment and Authorization.

  • Experience with creating compliance report like Checklist (.ckl) files and others

  • Experience with updating and patching Linux and Windows operating systems

  • Experience with computer and networking hardware support and implementation

  • Experience contributing to documentation required to obtain an Authorization to Operate (ATO)

  • Any specific education relating to cybersecurity

  
  CymSTAR is an Equal Opportunity Employer, and as such affirms the right of every person to participate in all aspects of employment without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, age, veteran status, disability, genetic information, or any other protected characteristic. If you are interested in applying for employment and need special assistance or an accommodation to apply for a posted position, contact our Human Resources department via phone at 918-251-8100 or email at hr@cymstar.com.

• About the company

Notice