ISSO/ISSE/IASAE

ISSO/ISSE/IASAE

24 Oct 2024
California, Vandenbergairforcebase, 93437 Vandenbergairforcebase USA

ISSO/ISSE/IASAE

Vacancy expired!

Three different openings of various levels in the Cyber-Security Space supporting a long-term 7 year contract on Vandenburg AFB or Los Angeles AFB.

Clearance: Active TS with SCI capabilities required.

Location: Vandenburg AFB or Los Angeles AFB.

Information Assurance Security Architect Engineer (IASAE)
Individual responsible for ensuring that the information security requirements necessary to protect the organization’s core mission/business processes are adequately addressed in all aspects of the enterprise architecture including reference models, segment and solution architectures, and the resulting information systems supporting those mission/business processes.
Responsibilities of the ISA include, but are not limited to:
  • Serving as the liaison between the enterprise architect and the Information System Security Engineer;
  • Coordinating with ISOs, CCPs, and ISSOs on the allocation of security controls as system-specific, hybrid, or common controls; and
  • In close coordination with ISSOs, advising AOs, CIOs, SAISOs/CISOs, and the REF, on a range of security-related issues including, for example:
    • Establishing information system boundaries, and
    • Assessing the severity of weaknesses and deficiencies in the information system, POA&Ms, risk mitigation approaches, security alerts, and potential adverse effects of identified vulnerabilities.

Information Systems Security Engineer (ISSE)
Individual responsible for conducting information system security engineering activities. Information system security engineering is a process that captures and refines information security requirements and ensures that the requirements are effectively integrated into information systems through purposeful security architecting, design, development, and configuration. ISSEs are an integral part of the development team designing and developing organizational information systems or upgrading legacy systems. Once the system is operational, the ISSM/ISSO assumes responsibility for maintaining the security posture of the information system on a day-to-day basis.
Responsibilities of the ISSE include, but are not limited to:
  • Employing best practices when implementing security requirements within an information system including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques;
  • Ensuring the system is designed, developed, and implemented with required security features and safeguards;
  • Proposing the categorization of the information system (in conjunction with the ISO) and documenting the results in the SSP;
  • Ensuring enhancements to existing systems provide equal or improved security features and safeguards; and
  • Ensuring the appropriate SCA is identified as early as possible for ongoing coordination on security decisions.

Information Systems Security Officer
An individual responsible for ensuring the appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the Information Systems Officer (ISO). The ISSO should have the detailed knowledge and expertise required to manage the security aspects of an information system and, in many organizations, is assigned responsibility for the day-to-day security operations of a system. In close coordination with the ISO, the ISSO plays an active role in monitoring a system and its environment of operation to include developing and updating the SSP, managing and controlling changes to the system, and assessing the security impact of those changes.
Responsibilities of the ISSO include, but are not limited to:
  • Ensuring physical and environmental protection measures are coordinated with appropriate security officials;
  • Ensuring systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security authorization artifacts;
  • Attending required technical and security training (e.g., operating system, networking, security management) relative to assigned duties;
  • Ensuring all users have the requisite security clearances, authorization, need-to-know, and are provided security awareness training before granting access to the IS;
  • Reporting all security-related incidents to the ISSM;
  • Conducting periodic reviews of information systems to ensure compliance with the security authorization artifacts;
  • Coordinating any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change;
  • Formally notifying the ISSM and AO/DAO when changes occur that might affect system authorization;
  • Working collaboratively with the ISO, ISSE, and ISSM on the risk assessment process;
  • Monitoring system recovery processes to ensure security features and procedures are properly restored and functioning correctly;
  • Ensuring all IS security-related documentation is current and accessible to properly authorized individuals; and
  • Ensuring audit records are collected and reviewed
If you are interested in learning more about this role please email a resume to wdowis@perpetualsourcing.com, or schedule a time to speak with me directly in my calendar using the link here: https://calendly.com/wdowis/30minutes. I look forward to speaking with you further!

Job Details

Jocancy Online Job Portal by jobSearchi.