Information System Security Officer

Overview Bowhead seeks an Information System Security Officer to support our customer on the PICRD II contract in Colorado Springs, CO. Responsibilities

• Contribute to planning, assessment, risk analysis, risk management, certification, and awareness activities for system and networking operations.
• Act as alternate COMSEC Responsible Officer (CRO), as designated by ISSM, and manage any additional sub-account users as required.
• Assist in ensuring all classified and controlled systems comply with government-defined security requirements and federal regulations.
• Support the functions of SL-ISSM and SL-ISSO for HQ USSPACECOM sponsored projects up to Top Secret Collateral classification, including SAPs.
• Ensure system authorization packages consider requirements from government agencies and system stakeholders.
• Support HQ USSPACECOM Joint Cyber Cell (JCC) in complying with cyber tasking orders and IA / cybersecurity programs.
• Assist in vulnerability testing and risk analysis as part of DoD and Air Force authorization processes.
• Identify and implement security hardening and corrective actions for hardware, software, applications, and business management procedures.
• Ensure proper implementation of corrective actions and support planning / execution of risk management activities.
• Baseline and improve USSPACECOM risk and security posture, including threat updates, security configuration control, and system security review for software / system purchases and integration.
• Review Cybersecurity Network Defense (CND) tool reports and work with USSPACECOM Government Cyber leadership on RMF packages and ATO status updates.
• Provide updates for monthly documentation on system status, cybersecurity posture, and executive status briefings.
• When ISSM is not available, participate in the Cybersecurity Working Group (CSWG).
• Assist in development, implementation, oversight, and maintenance of an organization cybersecurity program.
• Assist to administer the cybersecurity program, enforce cybersecurity policies / procedures, and ensure all users have requisite security clearances and cybersecurity training.
• Ensure users receive cybersecurity refresher training annually and maintain required countermeasures and compliance measures.
• Assist with implementation and compliance measures IAW DoDI 8010.01, DoDI 8510.01, DoDI 8500.01, AFMAN 17-130, and AFI 10-712.
• Initiate requests for exceptions, deviations, or waivers to cybersecurity requirements and criteria.
• Support and coordinate with the Data Custodian and Government Project Owner / Manager for information security risk management.
• Maintain current system information in the approved RMF accreditation system and conduct hardware / software inventory assessments.
• Provide initial and recurring A&A Interim Authority to Test (IATT) and Authority to Connect (ATO) packages.
• Ensure RMF and ATO packages are complete, accurate, and ready for Command ISSM and AO review.
• Assist with assessments by the Defense Industrial Base Cybersecurity (DIB CS) / Cybersecurity office.
• Review the audit trail of systems weekly for abnormal activities and provide requested metrics (at least once per month).
• Support with NOTAMs, IAVAs, and other security / vulnerability advisories. Qualifications
• BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE institution.
• Over four years of technical experience.
• Meets the Core and Additional Knowledge, Skills, and Abilities Tasks (KSATs) defined in the DCWF for Work Role 612 (NIST : SP-RM-002).
• Experience performing as a COMSEC Responsible Officer (CRO). Experience creating messages required, for the COMSEC controlling authority’s approval, to obtain NSA’s approval to issue Keying Material (KEYMAT).
• Experience keying, configuring, initializing and operating COMSEC equipment, troubleshooting system failures.
• Experience conducting vulnerability testing and analysis on DoD networks.
• Experience developing RMF packages and conducting ATO Status updates to include drafting of Assessment and Authorities (A&A) Interim authority to Test (IATT) and Authority to Connect (ATC) packages.
• Experience with COMSEC, Computer Security (COMPUSEC), and TEMPEST.
• Experience on Notice to Airman (NOTAM) and Information Assurance Vulnerability Alert (IAVA) and security / vulnerability advisories. Certification Requirements :
• Required : CompTIA Sec+
• Desired : CASP+, Cloud+, GSEC, PenTest+ SECURITY CLEARANCE REQUIRED : Must currently hold a Top Secret security clearance with SCI eligibility. Physical Demands :
• Must be able to lift up to 25 pounds
• Must be able to stand and walk for prolonged amounts of time
• Must be able to twist, bend and squat periodically #LI-DNI MN1