ACBN Information Systems Security Officer (ISSO)

Type of Requisition:
Regular

Clearance Level Must Currently Possess:
Secret

Clearance Level Must Be Able to Obtain:
Secret

Public Trust/Other Required:
None

Job Family:
Cyber and IT Risk Management

Job Qualifications:

Skills:
Computer Security, Information Assurance, Organizational Security, Security Requirements, System Security
Certifications:
Certified Information Systems Auditor (CISA) | Information Systems Audit and Control Association (ISACA) - Information Systems Audit and Control Association (ISACA), Certified Information Systems Security Professional (CISSP) | International Information System Security Certification Consortium (ISC2) - International Information System Security Certification Consortium (ISC2), Cisco Certified Network Professional (CCNP) Security | Cisco - Cisco, CompTIA SecurityX CE | CompTIA - CompTIA, GIAC Certified Enterprise Defender (GCED) | Global Information Assurance Certification (GIAC) - Global Information Assurance Certification (GIAC), GIAC Certified Incident Handler Certification (GCIH) | Global Information Assurance Certification (GIAC) - Global Information Assurance Certification (GIAC)
Experience:
6 + years of related experience
ship Required:
Yes

Job Description:

ACBN Information Systems Security Officer (ISSO)

Location: Ramstein AB, Germany

Security Clearance Level: Secret

Duties/Responsibilities: The Contractor shall maintain regulatory requirements of cyber security for ACBN and give guidance/assistance/ solutions regarding overall cyber readiness. Also, the Contractor shall provide all personnel, knowledge, skills, abilities, staff support and other related resources necessary to perform the RMF services.

• Analyzes and defines security requirements.

• Implement and enforce all AF cyber security policies, procedures, and countermeasures.

• Supports the system assess and authorize (A&A) effort, to include assessing and guiding the quality and completeness of A&A activities, tasks and resulting artifacts mandated by governing DoD and DAF policies.

• Ensure all users have the requisite security clearances and need-to-know, complete annual cyber security training, and are aware of their responsibilities before being granted access to IT according to DAFMAN 17-1304.

• Maintain all authorized user access control documentation IAW the applicable AF Records Information Management System.

• Ensure software, hardware, and firmware comply with appropriate security configuration guidelines (e.g., security technical implementation guides /security requirement guides).

• Ensure proper configuration management procedures are followed prior to implementation and contingent upon necessary approval, and coordinates changes or modifications with the enclave-level ISSM or Security Control Assessor (SCA).

• Initiate protective or corrective measures, in coordination with the ISSM, when a security incident or vulnerability is discovered.

• Recommends policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data.

• Conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.

• Promotes awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals.

• Conducts systems security evaluations, audits, and reviews.

• Recommends systems security contingency plans and disaster recovery procedures.

• Recommends and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures.

• Participates in network and systems design to ensure implementation of appropriate systems security policies.

• Facilitates the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes.

• Assesses security events to determine impact and implementing corrective actions.

• Ensures the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services.

• Report security incidents or vulnerabilities to the system-level ISSM according to AFI 17-203, Cyber Incident Handling.

• Will execute ISSO duties as outlined in DoDI 8500.01, AFI 17-101, AFI 17-1301, and AF 17-1303 for assigned network enclaves.

• Maintain familiarity with relevant DOD/NIST RMF publications, including NIST 800-53, 800-60, 800-37, DODI 8540.01 CDS Policy, and DOD Directive 5144.02.

Minimum/General Experience: This position requires a minimum of eight years' experience, of which at least six years must be specialized experience in defining computer security requirements for high level applications, evaluation of approved security product capabilities and resolution of computer security problems.

• Extensive knowledge and proficiency with the Risk Management Framework (RMF) and eMASS or XACTA experience.

• Extensive knowledge and proficiency with the Assured Compliance Assessment Solution (ACAS) Vulnerability Scanner

• Extensive knowledge and proficiency with the Security Technical Implementation Guide (STIG) implementation and automation tools such as SCAP, STIG Viewer, eMASSter which are often leveraged for automation.

• A strong technical background, ideal candidates must have familiarity in virtualization technologies, basic networking and industry best practices.

• Expert knowledge and proficiency with Cybersecurity best practices.

• Expert knowledge and understanding of Federal and DoD Cybersecurity regulations and policies.

Minimum Education: A Bachelor's degree in computer science/systems, information systems/technology, engineering/engineering technology, software engineering/programming, management, natural sciences, social sciences, mathematics or business/finance.

Education and experience requirements may be substituted with:

A Master's Degree (in subjects described above) and eight years general experience of which at least six years must be specialized experience.

No degree and thirteen years of general experience of which at least eleven years must be specialized experience.

Certifications: DoDD 8570.01M Information Assurance Technician (IAT) level III baseline certification required.

Additional Requirements: Candidate must meet TESA requirements as follows:

• A Bachelor's Degree and three (3) years of recent specialized experience; or

• Associates Degree and seven (7) years of recent specialized experience; or

• No degree and 11 years or recent specialized experience.

#DefenceOCONUS

The likely salary range for this position is $85,000 - $115,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Total compensation for international positions varies by tax, social security, and immigration statuses, as well as location. Generally, an international assignment may include allowances, premium uplifts, and/or relocation or transportation benefits, above base salary range noted.

Scheduled Weekly Hours:
40

Travel Required:
Less than 10%

Telecommuting Options:
Onsite

Work Location:
International

Additional Work Locations:

Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.

Join our Talent Community to stay up to date on our career opportunities and events at
gdit.com/tc.

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans