Duties/Tasks and Responsibilities:
Perform all ISSO-related duties as required by ICD 503 and applicable NRO, IC, and DoD policies, procedures, and operating instructions related to Information Technology, Information Assurance, and Information Management (IT/IA/IM)
• Manage the day-to-day system security including physical and environmental protection, incident handling, and information system security training and awareness.
• Maintain the system security plan (SSP), and other related documents, following NRO, IC, and DoD applicable policies, procedures, and templates.
• Maintain and update asset records in SNOW
• Perform continuous monitoring (ConMon) and periodic self-inspections of information systems to ensure security compliance
• Review Nessus security scans, communicate vulnerabilities to technical stakeholders, and perform remediation
• Support customer responses to ongoing information system audits and reviews in accordance with established schedules
• Ensure change control requirements are documented and tracked
• Monitor and track the status of applicable patches, including IA Vulnerability Alerts (IAVA), IA Vulnerability Bulletins (IAVB), and Technical Advisories (TA), for the information system.
• Conduct periodic reviews of Privileged User (PU) accounts (Developer, Admin, etc.)
• Assist in the creation of new policies/procedures as needed
• Perform Configuration and Change Management for the security-relevant IS software, hardware, and firmware, as well as Event Management, Vulnerability Management, Security Incident Management, POA&M Management, Reauthorization, and Decommissioning of IT asset environments
• Maintain Approval to Operate (ATO), including the resolution of any Plans of Action & Milestones (POA&M) documents
• Maintain and validate account and vulnerability management
• Control, label, virus scan, and appropriately transfer data (uploading/downloading) between various information systems as required, and handle Portable Electronic Device (PED) registration and tracking.
• Provide security design guidance and analysis to the project team throughout the RMF process
• Perform reviews of technical security assessments of computing environments to identify points of vulnerability and non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies
• Develop and maintain a Data Loss Prevention process to investigate, track, and mitigate security incidents.
• Implement and maintain security services tools within the Risk Management Framework (RMF).
• Provide briefings on the network security posture and compliance status of assigned system(s) to Security Management