COLSA · 1 day ago

Tactical Systems ISSO

COLSA is a company focused on providing advanced technology solutions, and they are seeking a Tactical Systems Information System Security Officer (ISSO) to implement and document NIST 800-53 security controls. The role involves ensuring a healthy cybersecurity posture for tactical IT systems and maintaining Authorization to Operate under the Risk Management Framework.

Cyber Security · Information Technology · Software
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Provide network and security operations technical analysis, assessment, and recommendations
Identify where systems/networks deviate from acceptable configurations, enclave policy, or local policy
Conduct audits to ensure information systems security policies and procedures are implemented as defined in security plans and best practices
Perform detailed analyses to validate established security requirements and to recommend additional security requirements and safeguards
Establish strict program control processes and policies to ensure mitigation of risks and support obtaining certification and accreditation of systems
Support the formal testing requirements through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports
Perform evaluations (compliance audits) and/or active evaluations (vulnerability assessments)
Oversee the development and implementation of security policies and procedures that align with the organization’s mission and goals
Ensure that IT supply chain security and risk management policies and requirements are met as they relate to cybersecurity
Advise appropriate leadership (e.g., Program Information System Security Manager, Authorizing Official Designated Representative, etc.) of security-relevant changes affecting the organization’s cybersecurity posture
Update and maintain enterprise Mission Assurance Support System (eMASS) records for information systems and platforms
Create or update system Authorization Boundary Diagrams, Information or Data Flow Diagrams, and Security Architectures
Ensure that assigned IT systems, platforms, or applications can receive an ATO or Assess Only Approval
Review existing documentation and perform edits and updates to ensure the applicable security controls continue to be met and remain effective
Conduct Annual Security Reviews (ASR) and FISMA Reviews for Information System records in eMASS
Review, create or update a variety of DOD and RMF documentation (including but not limited to Security Plans (SP), Configuration Management Plans (CMP), Incident Response Plans (IRP), Contingency Plans (CP), Access Control Policies, and other Assessment & Authorization (A&A) artifacts)
Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network or system operations
Identify the correct applicable Security Technical Implementation Guide (STIG) and Security Requirements Guides (SRG) for technologies used with systems, and test and apply them to the components of the information system
Identify and address applicable Cyber Tasking Orders, alerts, advisories, errata, and bulletins published from authoritative sources across the organization
Identify and properly document deviations, vulnerabilities, and mitigations on the system Plan of Actions and Milestones (POA&M) in eMASS, to include importing results from technical scans into eMASS and managing the resulting POA&M items
Use a variety of cybersecurity tools that include, but are not limited to, enterprise Mission Assurance Support System (eMASS), Security Content Automation Protocol (SCAP) Compliance Checker (SCC), Assured Compliance Assessment Solution (ACAS)/Nessus Vulnerability Scanner, Evaluate-STIG, eMASSter, DISA STIG Viewer, etc.
Perform detailed analyses to validate established security requirements and to recommend additional security requirements and safeguards where appropriate
Support the formal testing requirements through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports as needed
Perform evaluations (e.g., internal compliance audits) and/or active evaluations (e.g., vulnerability assessments) of systems to assess Cybersecurity posture and identify mitigations for risks
Perform routine vulnerability scanning using ACAS/Nessus and STIG configuration compliance scans in accordance with organizational time frames and requirements
Select, justify, and obtain approval for the correct impact levels for Confidentiality, Integrity, and Availability as well as identify and implement applicable control overlays for system records
Support meetings with system or information owners, stakeholders, user representatives, engineers, administrators, and leadership to ensure that cybersecurity considerations are addressed across the team and organization

Qualification

NIST 800-53 · eMASS · ACAS/Nessus · Risk Management Framework · Security+CE certification · DISA STIG · Plans of Actions and Milestones · Incident response · Communication skills · Self-motivated

Required

Bachelor's Degree in related field
Minimum of 10 years of work related experience
At a minimum, current and active Security+CE certification, equivalent, or higher
Strong written and verbal communication skills
Expertise in working in the DOD enterprise Mission Assurance Support System (eMASS)
Experience creating and managing Plans of Actions and Milestones (POA&M) within eMASS
Experience assessing and implementing DISA Security Technical Implementation Guides (STIG) and Security Requirement Guides (SRG)
Expertise in performing DOD Assured Compliance Assessment Solution (ACAS) or Nessus vulnerability scanning
Experience with Assessment & Authorization (A&A) (formerly Certification & Accreditation) as it relates to achieving Authorization to Operate (ATO) under the Risk Management Framework (RMF)
Self-motivated and able to support customer needs
US Citizenship required
DoD Secret security clearance required

Preferred

Master's Degree in related field preferred
Certified Information Systems Security Professional (CISSP)
Information Systems Security Management Professional (CISSP-ISSMP)
Certified Governance Risk and Compliance (CGRC) (formerly CAP)
Knowledge of: Cybersecurity for tactical systems and Type Authorized deployed systems
Risk management processes (e.g., methods for assessing and mitigating risk)
NIST SP 800-53 Rev5 Controls and Procedures
Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
Information security program management and project management principles and techniques
System life cycle management principles, including software security
Server administration and systems engineering theories, concepts, and methods
Reporting and remediating vulnerabilities from tasking orders, alerts, advisories, errata, and bulletins
Incident response and handling methodologies

Company

COLSA

COLSA's full-scale capabilities include cyber and information warfare, rapid prototyping and engineering, uncrewed systems, acquisition, logistics, studies and analysis, data science, and systems and software engineering.

Funding

Current Stage
Late Stage

Leadership Team

Van Corum
Deputy CEO & CFO
Ivan Garcia
Chief Technology Officer
Company data provided by crunchbase