ISSO responsibilities for new or existing system(s) may include:
• Perform tasks delegated by the ISSM in support of various information assurance programs such as security authorization activities in compliance with Risk Management Framework (RMF) policies and procedures including System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM)
• Maintain operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed
• Perform vulnerability/risk assessment analysis to support Assessment & Authorization (A&A)
• Reviews and analyzes system audit logs to identify anomalous activity and potential threats to network resources
• Conduct vulnerability scans and recognizing vulnerabilities in security systems
• Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to acceptable security levels
• Apply a full range of Cybersecurity policies, principles, and techniques to maintain the security integrity of information systems processing classified information
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk
• Work with government customers to support computer security incidents and vulnerability compliance
• Input and maintain system documentation into government record-keeping systems Xacta
• Provide Configuration Management for security-relevant information system software, hardware, and firmware;
• Perform risk analysis whenever an application or system undergoes a major change
• Provide input to the Risk Management Framework process activities and related documentation
Full time work in SCIF is required, but hours are flexible
