Job Description
This Information System Security Officer (ISSO) position will support the Information System Security Manager (ISSM) in developing, maintaining and overseeing the cybersecurity of assigned F-35 systems at Site Name .
Typical responsibilities of the ISSO include :
- Ensuring all applicable cybersecurity policy, plans and procedures are followed.
- Ensuring required cybersecurity controls are implemented and validated, to include continuous monitoring actions for assigned systems.
- Supporting the development and maintenance of cybersecurity related plans, procedures and guidance.
- Monitoring and recognizing non-compliance, suspicious and anomalous activity (i.e., threats), and effectively reporting such activity and associated risks to the appropriate parties.
- Ensuring plans of actions and milestones or remediation plans are in place for vulnerabilities identified during monitoring activity, audits, inspections, etc.
and implementing, or overseeing, required corrective actions.
- Conducting role-based cybersecurity training for assigned users.
- Creating, collecting and retaining data to meet reporting requirements.
- Monitoring and correlating data (e.g., logs, events, activity, etc.) from a variety of sources (e.g., Splunk, ELA, ePO, ESS, ACAS, etc.
to identify and mitigate threats, vulnerabilities and non-compliance.
Investigating, analyzing and responding to cyber events, incidents and non-compliance, to include trend analysis, assembling detailed written reports and briefing the appropriate parties.
Assigned systems may vary in classification, capabilities, and complexity. Mission requirements may require other than first-shift work and additional responsibilities as assigned.
Desired skills
- Prior experience as an ISSO, ISSM or related DoD Cyber Workforce Role on one or more F-35 information systems.
- Prior experience ensuring compliance with applicable laws, regulations, guidance and policies as they relate to DoD cybersecurity and SAPs (e.
g., DoDI 8510.01, JSIG, DoDM 5205.07, NIST SP 800 series).
- Prior experience with the system authorization process, associated artifacts and their requirements (e.g., SSP, SCTM, Security CONOPs, SOPs).