Information Systems Security Officer - top secret clearance w/SCI req'd

Information Technology Pasadena, California


Description

An ISSO is responsible for ensuring the appropriate operational cybersecurity posture is maintained for all information systems and as such, works in close collaboration with the Special Programs Information Systems Security Manager (ISSM). The ISSO is assigned responsibility for the day-to-day cybersecurity operations of all information systems and has accountability to the Special Programs ISSM as well. The Special Programs ISSO role actively ensures compliance with current Sponsor and JPL Cybersecurity policies, concepts and protective measures.

The major responsibilities of the Special Programs ISSO are to:

  • Support/Assist the ISSM in meeting their duties and responsibilities. The Level III ISSO may assume alt-ISSM responsibilities in the absence of the ISSM.
  • The alt-ISSM should be an SME on all matters over which the ISSM has purview, to include the Risk Management Framework (RMF)
  • The alt-ISSM may serve as a mentor to junior ISSOs as requested by the ISSM
  • The alt-ISSM may also fill in as the Information Systems Security Engineer (ISSE) in order to fulfill technical requirements required within the RMF accreditation process
  • Assist in maintaining the day-to-day operations of the Information System (IS) cybersecurity program, RMF requirements and policies for their assigned area of responsibility
  • Shall successfully obtain DoD 8570 level III certification
  • Collaborate with other ISSOs, IT and CPSOs when writing RMF accreditations, including producing/developing security RMF documentation (e.g., System Security Plan (SSP), Security Controls Traceability Matrix (SCTM), Plan of Action and Milestones (POA&M), supporting artifacts, etc.)
  • Ensure all information systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the RMF authorization package
  • Conduct periodic reviews of information systems to ensure compliance with the RMF package
  • Assist in conducting the cybersecurity continuous monitoring required in order to maintain a successful Risk Management Framework (RMF) Authorization To Operate (ATO)
  • Support the ISSM in investigating/handling all cybersecurity incidents and coordinating with the SOC, if required.
  • Coordinate any changes or modifications to the hardware, software, or firmware of a system with the ISSM prior to the change, and make changes within the RMF tracking database
  • May sit in the Change Configuration Board (CCB) as a delegate for the ISSM, if required
  • Attend program meetings in support of the ISSM, if required
  • Assist with data transfers, to include low-to-high and high-to-low
  • Assist the ISSM with writing cybersecurity SOPs in accordance with sponsor directives/requirements
  • Keep abreast of industry trends, training and continuing education required to improve their technical knowledge
  • Any other duties as assigned by the ISSM

 

To qualify for these challenging opportunities, you should possess a bachelor’s degree with a minimum of 4-6 years of related Computer Security experience; Master’s degree with a minimum of 2-4 years of related experience; or PhD with a minimum of 1-2 years related experience. Specific expertise and/or knowledge of the following is sought:

  • Possess one of the Department of Defense (DoD) approved 8570 Baseline certifications for Information Assurance Manager (IAM Level 1) or plan to be certified within 6 months of hire date
  • Successful experience with system hardening, configuration testing, continuous monitoring and scanning using any of the following tools: SCAP, Nessus, Snort, Splunk
  • Willingness to submit to a Counterintelligence polygraph
  • Recent experience implementing the Intelligence Community Directive (ICD) 503 and Risk Management Framework (RMF) principles, Assessment & Accreditation lifecycle, National Institute of Standards and Technology (NIST) Special Publications including 800-53, Federal Information Processing Standard (FIPS) Publications 199 & 200, and Defense Security Service (DSS) processes including Office of the Designated Approving Authority (ODAA) Business Management System (OBMS) web-based system
  • Knowledge of security concepts and best practices such as defense in depth, least privilege, need-to-know, separation of duties, access controls, encryption, etc.
  • Strong technical and social skills providing accountability and day-to-day support in ensuring classified automated information systems (AIS) are protected and operated in accordance with governing policies and related manuals.
  • You must be a U.S. citizen with an active Top Secret clearance based upon a Single Scope Background Investigation (SSBI) within a 5-year scope and approved or previously approved for Sensitive Compartmented Information (SCI) access.

Additional Desired Qualifications: 

  • Preferred (ISC)2 Certified Information Systems Security Professional (CISSP) or CompTIA Security+ Continuing Education (CE) certification in good standing
  • Experience with Security Repository Tools such as Telos Xacta IA Manager or Trusted Agent FISMA (TAF)
  • Experience with and knowledge of Security Information and Event Management (SIEM) tools, including Splunk ES, to analyze relevant security events and alerts
  • Implement tools and techniques in support of Insider Threat Mitigation Program

 

MORI Associates offers comprehensive benefits (medical/dental/vision care), including matching funds for a 401K plan. Most employees working at JPL are given the choice to work a 9-80 schedule, including getting every other Friday off work!