Senior Information Systems Security Officer (ISSO)

Fayetteville, North Carolina, United States

Applications have closed

Sigma Defense Systems is a leading technology company serving the Department of Defense (DoD), providing tactical communications systems and services for digital modernization since 2006. Through our acquisitions of SOLUTE in January 2022 and Sub U Systems in May 2022, we have expanded our software and communications hardware solutions to better support JADC2, C5ISR, SATCOM, and DEVSECOPS for customers in the Army, Navy, Air Force, Marine Corps, and Space Force. Through a combination of hardware, software, and industry expertise, we provide a complete portfolio of solutions and services that accelerates information collection and sharing for faster decision making and better mission outcomes.

We are a company of innovative professionals thriving in a highly motivating work environment that fosters creativity and independent thinking. If you are a motivated individual with a desire to support our service men and women, now is a great time to join Sigma Defense!

This position will provide cybersecurity support services and Risk Management Framework (RMF) subject matter expertise to the United States Special Operations Command (USSOCOM) Airborne Intelligence, Surveillance and Reconnaissance Transport (AISR-T) program in accordance with DoD and USSOCOM policies and Special Operations Forces Acquisition, Technology and Logistics (SOF AT&L) Program Executive Office Command, Control, Computer and Communications (PEO-C4) directives and regulations.

Supports the AISR-T program as the Information System Security Officer (ISSO) for the Pope Regional Ground Entry Point (RGEP) site and AISR-T systems and capabilities tested, integrated and maintained by the Pope Engineering Cell, by ensuring they meet cybersecurity requirements in accordance with DoD Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT), including access control, training and awareness, secure systems design, media protection, cryptographic protection, information system monitoring, incident response, network boundary protection, operations security, endpoint security, anti-tamper/supply chain risk management, software assurance, and anti-counterfeit practices.

Defines system-specific security control baselines by selecting and tailoring National Institute of Standards and Technology (NIST) Special Publication 800-53 security controls based on the Confidentiality-Integrity-Availability (C-I-A) impact levels of the information and information systems, and by applying any applicable overlays in accordance with Committee on National Security Systems Instruction (CNSSI) 1253.

Develops RMF Security Authorization Packages for review and approval by the United States Special Operations Command (USSOCOM) Security Control Assessor (SCA) and Authorizing Official (AO) in order to obtain Interim Authorizations to Test (IATT) or Authorizations to Operate (ATO) for the systems under their purview.

Processes, manages, and maintains all Assessment and Authorization (A&A) documentation during the entire information system life cycle using the Enterprise Mission Assurance Support Service (eMASS), to include the Control Implementation Plan, Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and any supporting evidence and analysis. Performs continuous monitoring and addresses changes in threats, vulnerabilities, and predisposing conditions in the operational environment.

Ensures that the appropriate operational security posture is maintained for the Pope site and the systems and capabilities under the Pope Engineering Cell purview, working in close collaboration with the information system owner (ISO), and the information system security engineers (ISSE).

Serves as a principal advisor on all matters, technical and otherwise, involving the security of the Pope site and information systems.

Plays an active role in the monitoring of the Pope systems and their environment of operation, to include developing and updating security plans; managing and controlling changes to the system; and assessing the security impact of those changes. Ensures systems are operated, maintained, and disposed of IAW security policies and procedures as outlined in the security authorization package.

Attends required technical and security training (e.g., operating system, networking, security management) relative to assigned duties.

Reports all security-related incidents to the AISR-T Information System Security Manager (ISSM).

Conducts periodic reviews of the systems under their purview to ensure compliance with the security authorization package. May serve as a member of the AISR-T Configuration Control Board.

Coordinates any changes or modifications to hardware, software, or firmware of a system with the SCA and ISSM prior to the change.

Formally notifies the ISSM and SCA when changes occur that might affect site or system authorizations.

Ensures all system security-related documentation is current and accessible to properly authorized individuals.

Maintains required cybersecurity certifications.

Requirements

  • Excellent communication skills, both written and oral
  • Strong interpersonal skills – team and customer-service oriented
  • Strict attention to detail
  • Strong organization, facilitation, and time management skills
  • Ability to multi-task effectively, prioritize, and execute against multiple priorities
  • Ability to work independently and with others
  • Demonstrated research and analytical skills
  • Ability to generate recommendations based on rigorous analysis and logical arguments
  • Ability to produce thorough, exhaustive and accurate A&A documentation
  • Ability to produce and present executive-level briefings to program leadership
  • Ability to take initiative
  • Ability to learn independently
  • Ability to process large amounts of data in order to extract and assimilate key points
  • Skilled in Microsoft Office Suite including Word, Excel, PowerPoint and Visio
  • Experienced in cybersecurity compliance assessment tools and security information and event management data platforms: Assured Compliance Assessment Solution (ACAS); Security Content Automation Protocol (SCAP) Compliance Checker (SCC); eMASS; STIG Viewer.

Essential Job Responsibilities (not all-inclusive)

  • Perform all A&A Configuration Management-related tasks in a thorough, reliable and timely manner for all capabilities under their purview
  • Monitor system compliance utilizing ACAS and other remote monitoring/auditing tools and report to the ISSM
  • Oversee and assist Pope ISSEs in vulnerability management activities
  • Produce comprehensive and accurate quarterly release baselines for systems under their purview
  • Support test and evaluation activities in accordance with AISR-T processes
  • Keep site security SOPs up to date and perform site inspections and audits as part of Continuous Monitoring
  • Maintain site and system artifacts, to include diagrams

Benefits

  • 401(k) Match
  • Medical, Dental, Vision, and more
  • Highly Competitive Salary
  • Educational Reimbursement
  • Paid Time Off & Paid Holidays

We are an equal opportunity employer. All applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, marital status, veteran status or any other applicable legally protected status or characteristic.
