Job Description
At Lockheed Martin Rotary and Mission Systems (RMS), we are driven by innovation and integrity. We believe that by applying the highest standards of business ethics and visionary thinking, everything is within our reach and yours as a Lockheed Martin employee.
Lockheed Martin values your skills, training, and education. Come and experience your future!
This position requires the candidate to function as the Information System Security Officer (ISSO) for multiple programs and performs as a technical liaison in support of the security standards and requirements relevant to the NIST Risk Management Framework (RMF) Step 1 thru Step 6 for the information systems.
The desired candidate will possess a working understanding of the NIST 800-53 Security and Privacy Controls for Federal Information Systems and Organizations combined with a high degree of technical skills obtained through systems engineering or systems administration.
The candidate must have working experience with the development, implementation, and maintenance of either the Linux and / or Microsoft Windows operating systems and supporting applications.
The ISSO is responsible for the oversight of the information system’s security posture with emphasis placed on the application and sustainment of the security controls.
In doing so, the primary functions include development and maintenance of the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and Security Controls Traceability Matrix (SCTM) as primary RMF deliverables.
The ISSO also performs routine system auditing as well as vulnerability and compliance scanning throughout the entire lifecycle of the system.
Development and implementation of relevant security policies and procedures required by assessment and authorization activities also apply based on any of the following guidance directives :
- Intelligence Community Directive 503 (ICD-503)
- DCSA Assessment and Authorization Process Manual (DAAPM)
- National Industrial Security Program Operating Manual (NISPOM Chapter 8)
- Joint Special Access Program (SAP) Implementation Guide (JSIG)
Effective communication is a key attribute within this role. The ISSO provides clear direction and assists programmatic IT and infrastructure support personnel with the application of security patches and secure configurations commensurate with Security Technical Implementation Guides (STIGs).
Routine collaboration and consultation with the Information System Security Manager (ISSM) regarding the design, development, integration, and analysis of classified information systems is required.
Working knowledge of Industry Standard tools for purposes of audit reduction, vulnerability scanning, and malware analysis is preferred.
Relevant tools include but are not limited to : Splunk, Tenable Nessus, Host Based Security System (HBSS) components, Security Content Automation Protocol (SCAP) Checker and STIG viewer.
The ISSO is also a primary stakeholder and facilitator of the continuous monitoring efforts that promote RMF compliance throughout the organization.
In doing so, the ISSO will routinely monitor the applicable security controls assigned to programs and systems using a blend of automated and manual techniques.
This ensures that the security controls are : (1) being met and (2) implemented correctly with respect to the environment.
Deficiencies and weaknesses identified throughout the process will be reported back to the ISSM.
Primary support activities include :
- Perform routine self-inspection reviews of the information systems.
- Perform comprehensive investigations of computer security incidents and ensuring proper measures are taken post discovery of the incident / event.
- Manage and execute the information security continuous monitoring requirements relevant to the system.
- Oversee the compliance of security settings within operating systems and applications integrated in the classified information systems under the candidate’s purview
Desired skills
- Experience working with classified information systems.
- Previous experience supporting SAP / SCI environments.
- Relevant ISSO / ISSE experience within the DoD or Intelligence Community.
- Knowledge of the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and configuration standards.
- Experience with Security Directives, Policies, Publications and Regulations.