- Documents and carries out all phases of the information systems/networks security program that involves access to computers and computerized data, enabling the company to meet contractual requirements for information systems security.
- Acts in the capacity of the KEYW ISSO as needed.
- Authors accreditation documentation to obtain customer approvals to operate systems in the classified environment.
- Conducts regular audits to ensure that systems are being operated securely, and information systems security policies and procedures are being implemented as defined in security plans that the ISSO authors per ICD 503, NISPOM, and related policy guidance documents.
- Conducts investigations of computer security violations and incidents, reporting as necessary to management.
- Responds to queries and requests for computer security information and reports.
- Provides guidance to safeguard networks located in the classified environment against unauthorized infiltration, modification, destruction, and disclosure.
- Researches, evaluates, tests, recommends, communicates and implements new security procedures, software, or devices. Implements, enforces, communicates, and develops security policies and plans for data, software applications, hardware, and telecommunications.
- Develops materials for computer security education/awareness programs.
- Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration, or denial of access to information.
- Provides security recommendations to clients on information assurance engineering standards, implementation dependencies, and changing information assurance related technologies.
- Provides information assurance project management, and development of mission-critical technical documents as required by the customer security policies.
- Recommends changes in procedures. Incumbent will report in to the Security department and act as a liaison between the IT and Security functions.
- Minimum of six (6) years’ experience in Information Assurance.
- Familiarization with the NISPOM and the RMF requirements for gaining accreditation and the security operation of DoD collateral systems.
- Familiarization with investigating security incidents and the required protocol for such to include notifications to customers, users, and security management.
- Experience in continuous monitoring using the Nessus scan utility and Xacta.
- Experience with RMF, ICD 503, CNSSI 1253, and NIST SP 800-53.
- Experience with Xacta Tool or other automated Information Assurance tool.
- Experience with Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker (SCC).
- Knowledge of Information Assurance Vulnerability Alerts (IAVAs) and/or Intelligence Community Vulnerability Alerts (ICVAs).
Clearance: A candidate must have a TS/SCI with polygraph clearance.