texascomputer | Future Information Systems Security Officer - ISSO in Houston, TX

Future Information Systems Security Officer - ISSO

  • Engineering Solutions and Products
  • $62,495.00 - 146,840.00 / Year *
  • 2702 Washington Ave
  • Houston, TX 77209
  • Full-Time
save job button



This position is slated to start April 2019.

Information Systems Security Officer (ISSO) Support:

* Provide oversight of all aspects of day-to-day operations, ensuring that the security posture is sustained and that the residual level of risk is always at an acceptable level as determined by the 25th Air Force A6 POC - who is the only entity that can determine security posture and acceptable level of risk.
* Work closely with unit personnel to implement a government approved viable network security program at each location. In addition, they shall aid site ISSM's and System Administrators in the daily administration of the unit's mission secure computer systems.

Individual Access Control:

* Ensure that control is maintained by verifying individual access requirements. Ensure that confidentiality, integrity, and availability of the data and the protection level of the system are provided.
* Ensure all users have the requisite security clearances, authorizations, and need-to-know, and are aware of their security responsibilities before granting access to information systems. All appropriate caveats and NATO SECRET are needed for access to Joint Worldwide Intelligence Communications System (JWICS).
* Validate, in writing, all requests for privileged users accounts within established timeframe
* Provide Information Assurance Awareness (IAA) training to all Information Assurance (IA) personnel.
* Ensure all users accomplish IAA training prior to receipt of their account and annually thereafter. This training will be documented and provided to Communications Unit.
* Provide documentation for developing a method for account password strength testing that is not accessible thru Common Access Card (CAC) login.

Incident Response and Vulnerability:

* Ensure proper protection or corrective measures are immediately taken when an incident or vulnerability is discovered within a system.
* Provide emergency operational support for information system security events involving information systems within their purview.
* Report all security-related incidents to the site ISSM for up-channeling to the ANG Chief Information Security Officer (CISO) and the Air Force Intelligence Community Security Coordination Center (AF IC SCC).
* Initiate, with the approval of the IAM, protective or corrective measures when a security incident or vulnerability is discovered.
* Complete and submit initial security incident reports to the site ISSM within 2 hours after an event occurs. Ensure after-action security incident reports are complete, accurate, and provided in a timely manner.

Information Assurance Officer Configuration Management Support:

* Ensure information systems (at the local site) are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in pertinent information systems CONOPS, Distributed Common Ground System Configuration Management Plan (DCGS CMP), local Standard Operating Procedures (SOPs) and the System Security Plan (SSP).Conduct periodic reviews at a minimum once per quarter unless there have been significant baseline changes to ensure compliance with the SSP.
* Ensure all security-relevant information system software, hardware, and firmware is maintained and documented IAW pertinent Configuration Management Plans.
* Monitor the system recovery processes to ensure security features and procedures are properly restored.
* Ensure all information system security-related documentation is current and accessible to authorized individuals.
* Notify the ANG CISO and the Authorizing Official (AO) when a system no longer processes intelligence information.
* Notifications are provided within the timeframes established by AF IC SCC; timeframes are dependent upon the criticality of the situation.
* Ensure system security requirements are addressed during all phases of the information system life cycle.
* Follow procedures developed by the ACC A2/S A2Y& /25th Accreditors authorizing software, hardware, and firmware use before implementation on the information system.

Information System Safeguards:

* Ensure security safeguards and features are implemented for the information system and network.
* Ensure warning banners are placed on all monitors and appear when a user accesses a system.
* Establish audits and complete event log with an in-depth review.
* Ensure user identification and authentication mechanisms of the information system or network are established.
* Monitoring for the purpose of identifying deficiencies, only with approved software, and after notifying the IAM and other appropriate authorities.
* Coordinate and conduct information system security inspections, tests, and reviews.
* Provide documentation for installation backup and recovery plan and procedures for securing audit trails.
* Review backup logs and verify backups have been tested.
* Perform magnetic media inventories at least once a year. Report shall be signed and dated, and all findings recorded and reported to the ISSM.
* Perform vulnerability assessments IAW pertinent Department of Defense security policies.
* Provide potential solutions to security and emergency system change (s) that have been identified as security risks along with modification details. Results are provided to the site ISSM.

Incident Response and Vulnerability Services:

* Ensure proper protection or corrective measures are immediately taken when an incident or vulnerability is discovered within a system.
* Provide emergency operational support for information system security events involving information systems within their purview.
* Report all security-related incidents to the site ISSM for up-channeling to the ANG CISO and the Air Force Intelligence Community Security Coordination Center (AF IC SCC).
* Initiate, with the approval of the ANG CISO and/or AF IC SCC, protective or corrective measures when a security incident or vulnerability is discovered.
* Complete and submit initial security incident reports to the site ISSM within 2 hours after an event.
* Ensure after-action security incident reports are complete, accurate, and provided in the established timeframe.

Configuration Management Services Related to ISSO:

* Ensure information systems (at the local site) are documented, operated, maintained, and configured in accordance with internal security policies and practices outlined in pertinent information systems CONOPS, Distributed Common Ground System Configuration Management Plan (DCGS CMP), local Standard Operating Procedures (SOPs) and the System Security Plan (SSP).
* Ensure all security-relevant information system software, hardware, and firmware is maintained and documented In Accordance with (IAW) pertinent Configuration Management Plans. Monitor the system recovery processes to ensure security features and procedures are properly restored.
* Ensure all information system security-related documentation is current and accessible to authorized individuals.
* Notify the ANG CISO and the Authorizing Official (AO) when a system no longer processes intelligence information. Notify the site ISSM and/or ANG CISO when changes occur that might affect accreditation.
* Notification timeframes are established dependent upon the criticality of the situation.
* Ensure system security requirements are addressed during all phases of the information system life cycle.
* Ensure AF Form 1067s are accurately completed by unit personnel prior to submittal.
* Ensure Deficiency Reports are thoroughly and accurately completed prior to submission into the logistics processing system.
* Track status of new capability requirements, deficiency reports, drawing change requests, and trouble tickets to provide the site leadership current state.
* Track installation planning for site upgrades. Maintain a site timeline depicting the original planned, adjusted plan, and current plans for all incoming capability modifications.
* Provide oversight to conduct mission system configuration inspections, tests, and reviews.
* Provide documentation for installation backup and recovery plan and procedures for securing audit trails.
* Review backup logs and verify backups have been tested.

Security Clearance:

Required to possess an active Top Secret/SCI Security Clearance.

Certifications:

Microsoft expertise and Security + required.

Qualifications:

* Possess and maintain, at a minimum the specified Information Assurance certification as identified in the DoD 8570.01-M listing for IAM Level I Information Assurance professionals.
* May require A+, Network+, CISSP (Certified Information System Security Professional) and/or equivalent certifications.

Experience:

* Extensive experience and judgment to plan and accomplish goals. Performs a variety of complex tasks.
* Experience with technical manuals and brochures to determine equipment that meets establishment requirements. Monitors system performance. Conducts a survey to determine user needs.
* Experience with supporting weapon systems, ORACLE, SUN, CISCO, UNIX and LINUX.
* Experience or certification in the following areas: Solaris System Administration, Solaris Network Administration or Department of Defense Computer Security.

.


Associated topics: metal detection, patrol officer, protection, public safety officer, safety report, secure, security officer, surveillance, unarmed, university


* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.