The Information Security Systems Officer (ISSO) will support the Enterprise which delivers outsourcing solutions of Security Services to a wide variety of clients across various agencies in the United States Federal Government. The Enterprise and Telecommunications Unit (AMK-222A) provides network and telecommunications services and telecommunications infrastructure for the MMAC and the FAA. The Telecommunications Unit manages the MMAC Backbone Network (MMAC Net) and the MMAC Trusted Internet Connection (MMAC TIC). The telecommunications infrastructure services provided are part of life cycle management of telecommunications infrastructure at the MMAC supporting approximately (95) buildings on approximately 1,200 acres. The Enterprise is a franchise and has a wide variety of government clients across various cabinets in the federal government.
Specifically, the ISSO will:
- Assists the Telecommunications Unit in ensuring proper operational security posture is maintained for protection of an information system, program, or designated IT assets by serving as an adviser on all matters involving Information Systems Security (ISS).
- Participates in vulnerability, risk and threat assessments, and other activities for analyzing the risk for information systems and assist with recommending suitable measures to manage those risks (as assigned and within expiration date, e.g., prior to assessment, within Period of Performance (POP), etc.).
- Updates and maintains annual accreditation packages for the MMAC Net and MMAC TIC systems, including managing and controlling changes to the system and assessing the security impact of those changes.
- Evaluating the technical accuracy and completeness of a system's C&A documents (updates are made to all security documentation as required).
- Reports to the Telecommunications Manager, ISSM or (Information System Owner (ISO) any unauthorized access to information or any system failure or suspected defect that could lead to an unauthorized disclosure, loss of integrity, or loss of system availability within 1 hour.
- Contingency Planning
- Develops, validates, and maintains information system contingency plans and procedures for assigned information systems and their components based on guidelines contained in NIST SP 800-34 and using existing templates.
- Plans, coordinates, evaluates, and facilitates the testing of assigned information system contingency plans (classroom or functional) for any system categorized as medium or high risk under FIPS 199 (low system tests may be requested by the customer) and documents test results using existing templates and includes in the information system assessment package.
- Provides advice in the development of Business Impact Analysis (BIA) and the contingency Test Plan.
- Coordinates an annual Disaster Recovery (DR) test for MMAC Net and MMAC TIC.
- Provides audit support, maintains audit trails, initiates protective or corrective operations if security problems are discovered, an incident is reported, or if the system is compromised, and provides reports on systems status package.
- Review monthly scan reports.
- Updates KSN site quarterly with status of monthly scans and any remediation completed and/or planned.
- Responds to ad hoc requests within one day and schedules to meet customers' requirements (e.g., participates in ISS compliance reviews/data calls, vulnerability, threat, and risk assessments on servers scans, PBC tracker requests, responds to REMEDY tickets, customer consultation requests, meetings with internal ISSOs, responds to inquiries regarding cyber incidents which impact the assigned information systems, varying writing assignments, status reports, other administrative security procedures).
- Reviews and reports POA&M status, e.g. CSAM tracking system, etc.
- Schedules the appropriate resources for annual assessments and annual Disaster Recovery (DR) testing for MMAC-Net and MMAC TIC.
- Reviews Memorandum of Understandings (MOU/ISA) concerning interconnection of systems, security services levels, per NIST SP 800-47, Security Guide for Interconnection of Security Systems.
- Uploads appropriate security documentation and artifacts to the Cyber Security Assessment and Management (CSAM) database.
Position requires a Bachelors degree and 8+ years of relevant experience. Additional years of experience may be considered in lieu of a Bachelors degree.