Information Systems Security Officer (Isso): Tyndall Aerial Targets

Amentum is seeking an Information Systems Security Officer (ISSO) to provide direct support to our government customer under the Aerial Targets Contract at Tyndall AFB, FL

The ISSO’s performance shall demonstrate:

• High analytical and troubleshooting skills
• Effective prioritization of needs, requirements, and other issues
• Excellent written and verbal communication
• Leadership, followership, and teamwork
• Exceptional interpersonal skills and conflict resolution
• Dedication to continuous IT learning, research, and skill development
• High motivation, self-starter, requiring little direction

The ISSO’s responsibilities include, but are not limited to:

• Ensuring the appropriate operational security posture for assigned Platform IT (PIT) systems in coordination with the Information System Security Manager (ISSM)
• Development of a comprehensive security plan for multiple PIT systems
• Develop plans and associated artifacts addressing Remanence Security (REMSEC), Computer Security (COMPUSEC), Communications Security (COMSEC) and Operations Security (OPSEC) practices and procedures
• Participate in all facets of the Risk Management Framework (RMF) process with associated tasks for assigned PIT systems in accordance with (IAW) Air Force Instruction (AFI) 17-101
• Notify ISSM and/or appropriate authority of classified spillages/incidents IAW Incident Response Plan
• Research, develop, implement, test and review organization's information security program in order to protect assigned PIT systems
• Implement and maintain security controls in accordance with the System Security Plan and Department of Defense (DoD) policies
• Conduct cybersecurity activities related to maintaining situational awareness
• Instruct users and PIT system administrators about security measures and potential threats
• Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of systems
• Ensure all required hardware equipment and software applications are approved and current through the appropriate agencies
• Install software, implement security measures, and monitor computer systems/networks
• Gather data necessary to maintain security and establish functioning external barriers such as firewalls, Cross Domain Solutions, and other security devices or measures
• Assess the impacts of modifications and current or future technological advances on PIT systems
• Review systems to identify potential security weaknesses, recommend vulnerability mitigations, implement changes, and document upgrades
• Work with the PIT systems’ configuration control authorities for needed implementations and documentation changes/additions
• Perform periodic Information Assurance scans of assigned PIT systems referencing the latest DoD Security Technical Implementation Guides (STIG) or Security Requirements Guides (SRG)
• Formulate scan reports and provide the results to the appropriate authority
• Determine which controls are applicable to the application thorough understanding of Committee on National Security Systems Instruction (CNSSI) 1253 and NIST SP 800-53/800-171 controls
• Author a Plan of Action & Milestones (POAM) when required
• Provide support for systems across the entire Assessment and Authorization (A&A) process
• Define, create, update, and maintain the documentation for Final Risk Determination and Authorization Decision of each PIT system in accordance with US Government requirements
• Document, monitor, update, scan, and manage PIT systems to maintain an acceptable security posture and to achieve an Authority to Operate (ATO), ATO with Conditions, Interim Authority to Test, and, when applicable, Authority to Connect across the various local and deployed locations
• Prepare A&A PIT system documentation for submission to the appropriate Authorizing Official

Types of artifacts that will be required:

• System and Network Diagrams, Topologies, and Information Flow Drawings
• Hardware and Software Lists
• Plan of Action & Milestones
• Risk Assessment Report
• Security Technical Information Guides (STIG)
• Security Requirements Guides
• Request or Manually Inherit Security Controls in Enterprise Mission Assurance Support Service (eMASS)
• Firewall Modifications for Ports, Protocols, and Services
• Change Control Board Charter and Documentation
• Incident Response Plan
• Contingency Plan
• Configuration Management Plan
• Continuous Monitoring Plan and Strategy
• Security Content Automation Protocol (SCAP) Scan Results
• Information Assurance Vulnerability Alerts, Bulletins, and Advisories
• Security Controls Traceability Matrix

Required qualifications:

• 5 years of relevant experience with bachelor’s degree in relevant field or 3 years of relevant experience with master’s degree in relevant field
• Experience working with databases, networks, hardware, firewalls, cross-domain solutions and encryption in a cybersecurity role
• Experience implementing RMF methodology to accredit assigned systems through the A&A process
• Experience establishing and updating eMASS for assigned systems
• Experience using Assured Compliance Assessment Solution (ACAS) to identify vulnerabilities
• Experience using Security Content Automation Protocol (SCAP) to verify compliance
• Hold a current DoDD 8140 IAM Level II or higher certification (CGRC, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, or HCISPP)
• Proficient using Microsoft Windows and Linux Operating Systems
• Proficient using Microsoft Office Professional Suite and applications
• Must be able to work outside the normal 9-5 workday, when required
• Must be able to travel and work in secure, windowless facilities
• Must be a U.S. Citizen
• Must have at minimum an active U.S. Secret security clearance
• Must have a valid driver’s license

Desired experience:

• Experience with Air Force Cyber Security Processes and Policies such as AFI 17-101, RMF Knowledge Service, AFI 17-130, AFMAN 17-1301, AFMAN17-1303, AFSSI 7700, AFSSI 7702, AFSSI 7703
• Experience applying NIST SP 800-30 R1, NIST SP 800-37 R2, NIST SP 800-60 Vol 1 & Vol 2 and NIST SP 800-137 for PIT Systems
• Experience with maintaining systems per DoDI 8500.01, DoDI 8510.01
• Experience with DoDI 5000.02 and NIST SP 800-160, Systems Security Engineering
• Experience with Appendix III to OMB Circular A-130, AFI 17-110, and AFMAN 17-1402
• Experience with Vulnerability Remediation Asset Manager

Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran’s status, ancestry, sexual orientation, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law.

Labor Law Posters

EEO including Disability/Protected Veterans