Part-Time Information Systems Security Officer (ISSO)

Dynamis is seeking a part-time Information Systems Security Officer (ISSO) in support of multiple systems within a small agency. Candidate should have 3-10 years in IT with a background in technology and a strong history of secure technical implementations. Additionally, the candidate should have experience working with security compliance and associated industry/government standards. 

Responsibilities:

• Lead the effort in obtaining & maintaining an ATO for a standalone system. 
  
• Coordinating assessment & authorization activities with external mission partners.
  
• Assist with sustainment of cybersecurity program to ensure compliance with all applicable regulations, instructions, plans, policies, procedures from the DIA & DoD RMF Policies and NIST SP 800-53.
  
• Review & update (as needed) current implementation statements for applicable NIST 800-53 controls.
  
• Perform Vulnerability Management duties utilizing Nessus Manager on a Standalone system. Updating Nessus Plugins on a regular basis and ensuring Trellix/McAfee agent has latest Definitions .DAT files.
  
• Management of STIGs using S-CAP Compliance Checker & STIG Viewer.
  
• Identify Security Flaws and create Plan of Action & Milestones & coordinating remediation activities.
  
• Responsible for coordinating all required artifacts for system ATO. Input and maintain system documentation into government record keeping systems to include System Security Plan, Security Requirements Traceability Matrix, System and System Test Plans
  
• Understanding of a common control package and what controls should/could be inherited depending on host site and system needs.
  
• Responsible for security monitoring and evaluation, including audits, assessment, and risk management.
  
• Manage security incident reporting and response management and implement corrective actions as needed.
  
• Act as investigating officer for security events; notify the appropriate POCs/stakeholders for any cyber related event; conduct root cause analysis.
  
• Performs system administration work to include user account management and installation of approved software. Implement agreed changes in infrastructure to meet business needs.
  
• Perform System Account Maintenance (new user accounts, disabling old accounts, password resets and account unlock requests).
  
• Create and maintain Local Security Policies, Standard Operating Procedures (SOPs) and any other system documentation.
  

Requirements:

• U.S. Citizen
• Top Secret Clearance Required
• Ability to obtain SCI; current or recent SCI preferred.
• Bachelor's degree preferred.
• IAT Level II Certification
• IA Baseline Certification
• CE/OS Certificate
• POA&M Experience
• Minimum of 3 years of relevant experience
• Experience with DOD RMF (Risk Management Framework)
• Experience with DIA ATOs and the XACTA 360 GRC management system preferred.
• Excellent working knowledge of computer systems, security, network and systems administration, databases and data storage systems
• Strong critical thinking and decision-making skills
• A firm grasp on IT infrastructure and operations best practices