Information System Security Officer (ISSO)
CSA is seeking a Cyber Security Specialist / ISSO to provide support to support to a government client located in Grafenwoehr, Germany.
As a member of the Cyber Security Team, the ISSO will conduct research, data analysis, onsite Information Assurance support, and Risk Management Framework support.
This position is located in Grafenwoehr, Germany. Due to the nature of this work and location, we will be conducting ongoing interviews while this position is contingent upon award.
How Your Role Will Make an Impact :
- Develops and maintain an organizational or system-level cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.
- Provides support to the System Owner and the ISSM for maintaining the appropriate operational IA posture for a system, program, or enclave.
- Provides support to the customer on all matters involving the security of their information systems.
- Assists with the management of all security aspects of the information system and as assigned performs day-to-day security operations of the system.
- Assists in the development of the system security policy and ensures compliance with that policy on a routine basis.
- Prepares, validate, and maintain security documentation including, but not limited to system security plan (SSP), risk assessment (RA), contingency plan (CP), privacy Impact assessment (PIA), eAuthentication assessment, FIPS categorization.
- Provide configuration management for security-relevant information system
- software, hardware, and firmware, controlling changes to the system and assessing the security impact of those changes.
- Identify and mitigate security business and system risks.
- Identify and manage POA&Ms through remediation as well as develop corrective action plans for each POA&M.
- Maintains a repository for all organizational or system-level cybersecurity-related documentation such as RMF processes within eMASS or other automated process.
- Maintains Defense Information Technology Portfolio Registry (DITPR) for client systems and software.
- Ensures implementation of Information System (IS) security measures and procedures,
- including reporting incidents to the Information System Security Manger (ISSM) and appropriate reporting chains as well as coordinating system-level responses to unauthorized disclosures in accordance with DoDM Vol 3 for classified information or DoDM Vol 4 for CUI, respectively.
- Implements and enforce all DoD IS and Platform Information Technology (PIT) system cybersecurity policies and procedures, as defined by cybersecurity-related documentation.
- Ensures that all users have the requisite security clearances and access authorization and are aware of their cybersecurity responsibilities for DoD IS and PIT systems under their purview before being granted access to those systems.
- In coordination with the ISSM, initiate protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
- Establishes a process for authorized users to report all cybersecurity-related events and potential threats and vulnerabilities to the ISSO.
- Ensures that all DoD IS cybersecurity-related documentation is current and accessible to properly authorized individuals.
- Ensures proper Configuration Management procedures are followed. Prior to implementation and contingent upon necessary approval with the ISSM.
- Initiates requests for temporary and permanent exception, deviations, or waivers to IA requirements such as Plan of Action and Milestones (POA&Ms).
- Ensures IA and IA-enabled software, hardware and firmware comply with appropriate security configuration guides. ·
- Provide status updates of assigned duties to the appropriate agency heads as defined in their respective Service Level Agreement (SLA).
- Responds to all applicable data calls, CTO’s, FRAGO’s, IAVA’s, etc. within the requested timeframe.
- Attends all Cybersecurity Workforce Meetings when requested.
- Performs as needed system administration on JLCCTC or other simulations or interface systems as needed.
- Performs as needed technical operations, setup and tear down of servers, systems and integration tools; maintaining RMF compliance;
providing input to exercise design and technical planning products.
- Supports as needed other set-up, transition, and break down for all training and training support activities pertaining to this task order.
- Participates in individual training, seminars, conferences, exercise / experiment planning events, site surveys, and exercise and training events and supports the planning and preparation processes and product development as needed.
What You Will Need to Join Our Award-Winning Team :
- Clearance : Must possess a Secret Clearance with the ability to obtain a TS / SCI and pass a CI Poly
- Must possess a bachelor’s degree plus 3 years of recent relevant technical experience OR an associate degree plus 7 years of recent experience OR a major Industry Recognized networking certification plus 7 years of recent experience OR 11 years of recent experience.
- Possess an expert understanding of NIST, DoD, & Army Cybersecurity & Risk
- Management Framework policies, directives, instructions, manuals, and best business practices
- Knowledge of current industry methods for evaluating, implementing, and disseminating IT security assessment, monitoring, detection and remediation tools and procedures utilizing standards based concepts and capabilities (, ACAS, SCCM, HBSS).
- Knowledge of disaster recovery and continuity of operations plans. Knowledge of enterprise incident response program, roles, and responsibilities.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (, application of Defense in Depth).
- Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. Knowledge of measures or indicators of system performance and availability.
- Knowledge and expertise to manage the security aspects of assigned systems.
- Ability to prioritize tasks, deliver solutions on time and be a team player with the ability to work independently and proactively while being flexible and prioritizing competing priorities, often under time constraints.
- Strong analysis, oral and written communication, and change management skills with ability to plan, organize, prioritize, track, manage, and learn new skills.
- Proficiency with using the Internet and with Microsoft Office products including e-mail, Word, Excel, Access, Project, and Visio are required.
- Superior analytical and problem-solving skills.
- Ability to document and update processes.
- Ability to perform tasks under deadlines.
- Ability to work with senior Government and Industry leaders.
- Possess a very high degree of attention to detail.
- Capable of working at a computer terminal for extended periods.
- Ability to work 12-hour shifts, day or night, for consecutive days up to 4 weeks.
- Outstanding interpersonal and written communication skills.
- Minimum Certifications : Meet DoD M Baseline Computing Environment (CE) Certification Requirements at Information Assurance Management Level II (IAM II)
What Sets You Apart :
- Bachelor’s degree in engineering, science, mathematics, or a related field
- Five (5) years experience within the past 10 years, in planning simulation exercise architectures, supervising implementation of communication systems, and integration of Army Mission Command Systems in support of distributed exercises.
- Five (5) years experience in information technology management Expert understanding of NIST, ICD, DoD, CNSSI, & Army Cybersecurity &
- Risk Management Framework policies, directives, instructions, manuals, and best business practices.
- At least one year of experience under the DoD Information Assurance
- Certification and Accreditation Process (DIACAP) and / or Risk Management
- Framework (RMF) assess and authorize (A&A) accreditation process within a SCIF environment and has a familiarity with Enterprise Mission Assurance
- Support Service (eMASS).
- Knowledge of enterprise incident response program, roles, and responsibilities.
- Knowledge of measures or indicators of system performance and availability.
- Knowledge of network systems management principles, models, methods
end-to-end systems performance monitoring), and tools.
Knowledge of server administration and systems engineering theories,
concepts, and methods.
- Knowledge of systems lifecycle management principles, including software
- security and usability.
- Technical familiarity with MS Windows 10 Professional / Enterprise, Windows
- Server 2012 or greater, and Red Hat Linux.
This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee.
Duties, responsibilities and activities may change or new ones may be assigned at any time with or without notice.Applicants may need to meet eligibility requirements for access to classified information;
an active United States Department of Defense security clearance or the ability to obtain one may be required for this role.
As a federal contractor, CSA will abide by the client’s infectious disease protocols.WE BELIEVE great companies know who they are and what they stand for.
CSA’s common purpose and core values were purposefully developed to create a culture focused on unlocking the full potential of our people so they are inspired to solve our clients’ toughest challenges.
It’s no secret, we owe the past 18 years of our success to our outstanding and ambitious team members. To support our hard working team, we offer an environment focused on learning and growth, an awesome benefits package, and opportunities to build a long and successful career.
We are constantly on the hunt for talented, forward-thinking problem solvers with an energetic attitude and a strong work ethic to join our elite team of CSAers.
Be a part of CSA do great things!CSA is a Federal Contractor and an Equal Opportunity / Affirmative Action Employer.If you are an individual with a disability and would like to request a reasonable workplace accommodation for any part of our employment process, please send an email to .
Please indicate the specifics of the assistance needed. Assistance is reserved for individuals who are requesting a reasonable workplace accommodation.
It is not intended for other purposes or inquiries. We’re an equal opportunity employer that empowers our people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status or other protected characteristic.
If you are a California resident applying for a job, you consent to our .Notification for current or previously cleared professionals : Official Government information appearing in the public domain shall not automatically be considered UNCLASSIFIED or approved for public release.
CSA recognizes that information contained in resumes of current or previously cleared professionals may be sensitive, contain potentially proprietary and / or protected information.
Protected Information is considered classified, in the process of a classification determination, or unclassified, but protected by statute.
Therefore, all resumes should be approved for public release by a Government Official with Original Classification Authority, prior to posting the resume to CSA’s applicant tracking system.
By submitting my resume, I understand that I am NOT authorized to upload content with Official Government information that is considered, sensitive, proprietary, or protected.