ISSO

Job Responsibilities:Minimum of three (3) years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) fieldKnowledge of developing, maintaining, and managing Security Authorizations and Assessments packagesExperience with developing and managing Plans of Action & Milestones (POA&Ms)Displays technical experience with conducting research and providing review recommendations on software and technologies for vulnerabilities.Technical experience with reviewing vulnerability scans and providing mitigation techniques.Experience in conducting annual assessments.Possess experience developing and testing Contingency Plans.Experience with conducting audit log reviews.Experience with NIST Special Publications and guidanceMinimum of three (3) years of working experience with the latest version of Microsoft Office Suite (Word, Excel, and PowerPoint) and SharePoint (User).Responsibilities:Secure certifiable infrastructure, core services, and application and ensure the security is maintained, and vulnerabilities are mitigated, in compliance with DOJ/FBI/CODIS requirements.Implement and maintain Defense-in-depth to include integrity, availability, authenticity, confidentiality, and non-repudiation of information. Identify security incident ranging from suspicious activity to security violations and ensure prompt reporting to the Government.Where necessary, implement security countermeasures to protect the integrity of information assetsDiagnose the underlying drivers of performance gaps and security postures of the systemEnsure that infrastructure continually meet or exceed current compliance rating which is base on the FBI/CODIS security inspections or FISMA programs and requirementsEnsure security is included and considered from system initiation until disposalEnable consistent, comparable, and repeatable assessment of IT security controls in accordance with DOJ/FBI/CODIS IT requirementsPromote a better understanding of FBI/CODIS-related mission risks resulting from the operation of IR systems and their security and IA to all CODIS personnel and end usersSupport consistent, well-information and ongoing authorization decision through continuous monitoring, transparency of security, and risk management-related informationEnsure all systems within the CODIS accreditation boundary meet or exceed all defined CODIS security accreditation requirements and comply with the processes defined in the CODIS Configuration Management PlanCoordinate daily (federal workdays) with CODIS management and information security personnel on I and security policies, procedures, issues, problems, risks and incidentsReview Government policies and processes looking to improve efficiency in the creation, review and submission of security assessment and authorization packages reducing the time to achieve ATO and maintain a continuous monitoring process.Perform operation system, application, hardware/infrastructure, etc. hardening using DISA Security Technical Implementation Guidelines (STIGs) and/or SRGs as applicable for all appropriate systems within the CODIS accreditation boundary.Respond to 24A28:A36x7x365 mission critical incident defined by CODIS Operations PM, onsite or remotely, within a (2) two-hour window from being notified by the COR/COCertifications: Minimum of at least one (1) certification must be active relating to information security such as: Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC) security certification (e.g. GCIH, GWAPT, GPEN, GSLC, etc.), or CompTIA Security +.