Job Details
Job Location
AURORA, CO 1 - Aurora, CO
Position Type
Contractor
Salary Range
$91,000.00 - $111,000.00
Job Category
Information Technology
Description
Position Overview
The Level 2 ISSO position is a mid-level information system security
professional that provides advice and assistance to the Government regarding
secure configuration and operation of customers' IT assets. Level 2 ISSOs apply
knowledge and experience with standard information system security concepts,
practices, and procedures. ISSO Level 2 duties include, but are not
limited to the following:
Manage the day-to-day system security including physical and environmental
protection, incident handling, and information system security training
and awareness.
Maintain the system security plan (SSP), and other related documents,
following applicable IC and DoD policies, procedures, and templates.
Support initial risk analysis and present results to the Information System
Owner and PSO.
Participate in assessment and integration, verification, and validation
(IV&V) testing activities.
Assess the security impact of system changes, updating the SSP, managing
and monitoring changes to the system, and disposal of the system in
accordance with IC and DoD security policies and practices, as outlined
in the approved SSP.
Notify the ISSM, PSO, and Information System Owner when changes occur that
may affect accreditation authorization, thus initiating the
re-certification/re-accreditation process.
Ensure all IS security-related documentation is current and accessible to
properly authorized individuals.
Maintain and update IT asset records in the next-gen RMF tool on behalf of the
Information System Owner.
Process information systems access requests, ensuring all users have the
requisite SCI security clearances, authorization, need-to-know, and are
aware of their security responsibilities before granting access to the IS.
Initiate, with the approval of the ISSM, protective or corrective measures
when a security incident or vulnerability is discovered.
Ensure configuration management (CM) for the security-relevant IS
software, hardware, and firmware is maintained and documented. If a CM
board exists, the ISSO may support the CM board if so designated by the ISSM.
Ensure system recovery processes are monitored to ensure that security
features and procedures are properly restored.
Ensure system security requirements are addressed during all phases of the
system life cycle.
Ensure that customer security systems comply with appropriate assessment and
authorization standards.
Responsible for controlling, labeling, virus scanning, and appropriately
transferring data (uploading/downloading) between various customer
information systems as required.
Perform requested uploads/downloads, virus scanning, and software
updates for applicable information systems and local and wide area networks
(LAN/WANs), Public Key Infrastructure (PKI) vetting, Portable
Electronic Device (PED) registrations, and conduct customer Management
Information System (NMIS)/Secret Collateral Management Information
System (SCMIS)/Unclassified Management Information System (UMIS)
user briefings.
Support comprehensive investigations into all customer-related data spills and
IT incidents at both government and contractor sites.
The contractor shall support information protection needs, system security
requirements, system security architecture, and verify information
protection effectiveness as related to customer mission requirements.
Provide guidance on system security, assessment, and authorization
issues, and INFOSEC policy and security vulnerabilities.
Provide advice and guidance to customer program personnel and Program Security
Officers on all Information System (IS) security issues across all
customer activities.
The contractor shall support the Government POC in managing the acquisition,
operation, storage, inventory, and disposition of all Communications
Security (COMSEC) related material and equipment as required.
The contractor shall work security issues involving multiple Intelligence
Community SCI Control Systems, DoD SAP/SAR activities, and SCI Special
Handling programs.
The contractor shall provide appropriate security awareness and training to
customer information system users.
The contractor shall coordinate activities with official designated
representatives, chief information officers, senior agency information
system security officers, information system and common control providers,
and information system security officers.
The contractor shall maintain effective communications with the Information
System Owner, AO or DAO, ISSE, SCA, ISSM, and PSO.
The contractor shall attend program technical exchange meetings, staff
meetings, and program review milestone meetings, as directed.
The contractor shall monitor and track status of applicable patches including
IA vulnerability alerts (IAVA), IA vulnerability bulletins (IAVB),
and technical advisories (TA) for the networks and operating system(s)
under their purview.
Review applicable audit logs for actions including, but not limited to,
security-relevant events/activities, suspicious activity, and baseline
changes, and notify the ISSM of any discrepancies.
Write, review, and/or assess security documentation and plans focusing
on safety and security of personnel, assets, resources, and mission.
Qualifications