Information System Security Officer (ISSO) jobs in United States

Johns Hopkins Applied Physics Laboratory · 3 days ago

Information System Security Officer (ISSO)

Johns Hopkins Applied Physics Laboratory (APL) is seeking a dedicated Information System Security Officer (ISSO) to protect APL's classified enterprise information technology infrastructure. The ISSO will oversee IS Security Management and ensure compliance with security policies while managing technical issues related to Information Assurance system hardening.

Education · Universities
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Your primary responsibilities are aligned to supporting requirements found in the Defense Counterintelligence and Security Agency Assessment and Authorization Process Manual (DAAPM) version 2.2 and future updates, to include security-relevant documentation such as security CONOPS, Security Controls Traceability Matrices, System Security Plans, Risk Assessment Reports, and Contingency Plans
Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security plan
Ensure all proper account management documentation is completed prior to adding and deleting system accounts
Verify all system security documentation is current and accessible to properly authorized individuals
Conduct periodic assessments of authorized systems and provide the ISSM with corrective actions for all identified findings and vulnerabilities
Ensure audit records are collected and analyzed in accordance with the security plan
Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly
Serve as a member of the Configuration Control Board (CCB)
Possess sufficient experience and technical competence commensurate with the complexity of the systems
Ensure user activity monitoring data is analyzed, stored, and protected in accordance with the ITPSO policies and procedures
Execute the continuous monitoring strategy
Perform and analyze weekly security audits for nonstandard events. Implement a backup solution and ensure a cohesive disaster recovery plan
Utilize the Enterprise Mission Assurance Support Services (eMASS) accreditation workflow platform
Assist in preparations for and participate in system inspections and take timely action to correct and document any issues or findings and train IS users on items required to eliminate security incidents

Qualification

Cybersecurity policy implementation · DCSA DAAPM compliance · Continuous monitoring programs · DISA STIG implementation · Security+ certification · CISSP certification · Risk management · Incident response · Communication skills · Organizational skills

Required

A minimum of 6 years' experience implementing cybersecurity policy and security controls for classified enterprise information technology systems and have worked with a Restricted Area, SCIF, or SAPF
Possess a Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Information Systems, Data Science, or Software Engineering from an ABET accredited or NCAE-C-designated institution
Meet and demonstrate intermediate DoD 8140.03 Cyberspace Workforce Qualification and Management Program requirements through training and/or certifications (Security+, equivalent, or higher)
Have a strong working knowledge of the DCSA DAAPM or JSIG, NISPOM, and DISA cybersecurity policy to support risk-based decisions and ensure compliance across the enterprise
Managed, trained, and led System Administrators (SAs), Information System Owners (ISOs), Information System Security Officers (ISSOs), and other stakeholders to prepare for and meet DCSA DAAPM standards and Defense Information Systems Agency (DISA) Command Cyber Readiness Inspection (CCRI) or Cyber Operational Readiness Assessment (CORA) standards
Managed, documented, and assisted with implementing DISA Security Technical Implementation Guides (STIGs) for operating systems and applications across the enterprise enclave for a minimum of 1 year
Have a deep understanding of government cybersecurity compliance standards, regulations, and policies with the ability to communicate requirements to all stakeholders, needed to support the enterprise system to include: configuration changes, application patching, incident response, vulnerability mitigation, and risk management
Developed, managed, or had direct implementation responsibility for continuous monitoring programs at the enterprise level
Have a working knowledge of Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS), DISA STIG Viewer, Splunk or other cybersecurity relevant tools
Experience with developing and implementing cybersecurity training for SAs, ISOs, ISSOs, and privileged/general users
Experience and technical understanding of the high-to-low / low-to-high data transfer process
The ability to support enterprise level compliance requirements with minimal and timely manner to include providing clear and concise rationale for decisions to all stakeholders
Excellent organizational and communication skills and the ability to effectively interact with managers and technical staff
Hold an active Secret security clearance and ability to obtain and maintain a Top Secret. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship

Preferred

Have more than 10 years' experience implementing cybersecurity policy and security controls for classified enterprise information technology systems and have worked with a Restricted Area, SCIF, or SAPF
Hold a Master's degree in Information Technology, Cybersecurity, Computer Science, Information Systems, Data Science, or Software Engineering from an ABET accredited or NCAE-C-designated institution
Meet and demonstrate advanced DoD 8140.03 Cyberspace Workforce Qualification and Management Program requirements through training and/or certifications (CISSP, equivalent, or higher)
Have cybersecurity compliance experience supporting Collateral, SCI, or SAP Top Secret enterprise information systems
Have experience in cybersecurity supporting domains such as intelligence analysis, Security Operations Center (SOC) support, governance and/or risk management, Development, Security, Operations (DevSecOps), computer forensics, policy creation, technical writing, incident response, disaster recovery, etc.
Have working familiarity with Director of Central Intelligence Directives (DCID) or Intelligence Community Directives (ICD) security requirements
Have direct experience working for a University Affiliated Research Center (UARC), Department of Defense (DoD) or Department of Energy (DOE) or similar research facilities

Benefits

Generous benefits
Robust education assistance program
Unparalleled retirement contributions
Healthy work/life balance
Comprehensive benefits package including retirement plans, paid time off, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, education assistance, and training and development

Company

Johns Hopkins Applied Physics Laboratory

The Johns Hopkins Applied Physics Laboratory (APL) is a not-for-profit university-affiliated research center (UARC) that provides solutions to complex national security and scientific challenges with technical expertise and prototyping, research and development, and analysis.

Funding

Current Stage: Late Stage
Total Funding: unknown
Key Investors: U.S. Department of Homeland Security (2023-01-17, Grant)

Leadership Team

Alice Bowman
Mission Operations Manager
Ashutosh Dutta
Chief 5G Strategist, Senior Scientist, Lawrence R. Hafstad Fellow, Director at JHU
Company data provided by crunchbase