Information Systems Security Officer
It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
The Information Systems Security Officer provides support to the Air Force Civil Engineering Program Management Office (PMO). This position develops security documentation, process requirements, and system-level risk assessments of all existing documentation.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include the following. Other duties may be assigned.
Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge / quality of work, supporting financial goals of the company, initiative / motivation, cooperation / relationships, problem analysis / discretion, accomplishing goals through organization, positive oral / written communication skills, leadership abilities, commitment to Affirmative Action, reliability / dependability, flexibility and ownership / accountability of actions taken.
Develops Certification and Accreditation Program (C&A) documentation for assigned systems. Maintains documentation of system and security-related tasks in eMASS.
Utilizes A4 Risk Management Framework (RMF) processes.
Works in coordination and guidance of the Civil Engineering Authorizing Official (AO) and the Authorizing Official Designated Representatives (AODR).
Coordinates activities with the ISSMs, Program Manager and Lead Engineer.
Completes system-level risk assessments of all existing documentation to identify gaps in Information.
Assurance objectives and security compliance and updates to ensure compliance is maintained as necessary.
Identifies mandated DISA Security Technical Implementation Guides (STIGs).
Conducts security verification and validation testing. Prepares reports of all results and makes recommendations.
Reviews planned program activities to determine security impact and identify security control requirements.
Performs continuous monitoring tasks, reviewing security controls on a periodic, ongoing basis.
Reviews vulnerability notifications and determines if they affect the system being supported.
Supports code scan using automated testing tools (i.e. Checkmarx, Fortify, SonarQube and AppScan).
Identifies and documents the gap analysis between the security controls and the STIGs for all system-level components.
Provides re-certification and annual review requirements support for Initial Security Certifications.
Provides quarterly review and updates to the Plan of Action and Milestones and assists with annual testing and evaluation of the Disaster Recover, Incident Response and Contingency Plans.
Provides support for updating and maintaining current system information or for equivalent replacement system.
Responsible for aiding in own self-development by being available and receptive to any training made available by the company.
Plans daily activities within the guidelines of company policy, job description and supervisor’s instruction in such a way as to maximize personal output. Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and coworkers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions to the best of own ability.
Bachelor’s degree and the following number of years’ of relevant experience for the respective levels (or equivalent combination of education/experience). Experience with RMF, scanning remediation Fortify, Checkmarx, AppScan and ESPS.
Information Systems Security Officer II: Bachelor’s degree and minimum of three (3) years’ experience
Information Systems Security Officer III: Bachelor’s degree and minimum of five (5) years’ experience
CERTIFICATES / LICENSES / REGISTRATION
This position requires possession of or the ability to obtain and maintain a security clearance
Must hold at least one of the DoD Approved 8570 IAT Level II Certifications:
ISSO – Level 2: CCNA Security, CySA+(or CSA+), GICSP, GSEC, Security+ CE, CND, or SSCP
ISSO – Level 3: CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH
JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES
Proficiency in document development with ability to implement a high degree of professional judgment and a clear understanding of the information to be communicated
Excellent creative development skills with ability to quickly comprehend technical information and translate ideas / concepts into a finished document
Excellent research and analytical skills
Excellent computer skills with proficiency using Microsoft Office Suite
Ability to respond to requests in a professional, helpful and timely manner
Ability to identify problems and to use sound judgment
Outstanding communication, organization, and problem-solving skills
Proven ability to manage and prioritize multiple, diverse projects simultaneously
Ability to be flexible, independent and self-motivated
Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. Ability to write reports, business correspondence, and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, customers and the general public.
Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions and decimals. Ability to compute rate, ratio, and percent and to draw and interpret bar graphs.
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
The physical demands described here are representative of those that must be met by an employee to perform successfully the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. Work is primarily performed in an office environment. Regularly required to sit. Regularly required use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers printers and light traffic.
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!