Information System Security Officer (Advanced)
Lockheed Martin •
Position Type: Permanent
Job Description:
Description:In this role, the candidate will function as the Information System Security Officer (ISSO). The ISSO performs as a technical liaison in support of the security standards and requirements relevant to the NIST Risk Management Framework (RMF). The desired candidate will possess a working understanding of the NIST 800-53 Security and Privacy Controls for Federal Information Systems and Organizations combined with a high degree of technical skills obtained through systems engineering or systems administration. The candidate must have working experience with the development, implementation, and maintenance of either the Linux and/or Microsoft Windows operating systems and supporting applications.
Overall, the ISSO is responsible for the oversight of the information system’s security posture and will develop/revise the necessary RMF documentation to support the authorization of the individual systems. Standard RMF artifacts include the System Security Plan (SSP), Plan of Action and Milestones (POA&M), Security Controls Traceability Matrix (SCTM), hardware and software inventories and network topology diagrams. The ISSO also assists in the development and implementation of relevant security policies and procedures required by assessment and authorization activities associated with any of the following guidance directives:
• Intelligence Community Directive 503 (ICD-503)
• DCSA Assessment and Authorization Process Manual (DAAPM)
• National Industrial Security Program Operating Manual (NISPOM Chapter 8)
• Joint Special Access Program (SAP) Implementation Guide (JSIG)
Effective communication is a key attribute within this role. The ISSO provides guidance and direction to program personnel. The ISSO also works closely with the system administrators and network engineers to ensure security patches and secure configurations commensurate with Security Technical Implementation Guides (STIGs) are applied in a timely fashion. Some working knowledge of Industry Standard tools for purposes of audit reduction, vulnerability scanning, and malware detection is preferred. Relevant tools include but are not limited to: Splunk, Tenable Nessus, Host Based Security System (HBSS), Security Content Automation Protocol (SCAP) Checker and STIG viewer.
The ISSO is also a primary stakeholder and facilitator of the continuous monitoring efforts that promote RMF compliance throughout the organization. The ISSO is required to routinely monitor the applicable security controls selected for the information system(s) using a blend of automated and manual techniques. This ensures that the security controls are: (1) being met and (2) implemented correctly with respect to the environment. Deficiencies and weaknesses identified throughout the process will be reported back to the ISSM.
Additional support activities include:
• Perform routine self-inspection reviews of the information systems.
• Perform comprehensive investigations of computer security incidents and ensuring proper measures are taken post discovery of the incident / event.
• Manage and execute the information security continuous monitoring requirements relevant to the system.
• Oversee the compliance of security settings within operating systems and applications integrated in the classified information systems under the candidate’s purview.
• Act as a liaison with government agency representatives, such as the Security Control Assessors (SCA).
• Ensuring that configuration management policies and procedures are followed while authorizing the use of hardware / software on an information system and perform assessments of those changes.
• Provide policy and procedure interpretation associated with Program and Cyber Security disciplines (NISPOM, DAAPM, JSIG, ICD, etc.).
• Participate in programmatic Review Boards and Technical Exchange Meetings.
Basic Qualifications:
• Hands on experience with the Windows operating system
• Final Top Secret Clearance w/SCI
• Full Scope Polygraph
• Full understanding of the Risk Management Framework (RMF) process & requirements.
• Strong interpersonal and communication skills
• Security+ CE or another DoD 8570/8140 Information Assurance Management certification, preferably CISSP, CISM, and/or CASP+ CE
**This position will support two Lockheed Martin facilities located in Hanover, MD and Washington D.C. However, the majority of the work for the role is performed at the Hanover, MD facility.
Desired Skills:
• Relevant ISSO, ISSM, and/or ISSE experience in the cybersecurity career field
• Exposure to providing technical systems support from the perspective of a System Administration and/or Systems Engineer
• Experience supporting the Intelligence Communitys specific RMF processes and procedures
• Knowledge of the Defense Information System Agency (DISA) Security Technical Implementation Guides (STIGs) and configuration standards
• Experience interpreting Security Directives, Policies, Publications and Regulations and applying those in a practical way for a cybersecurity program
Security Clearance Statement: This position requires a government security clearance, you must be a US Citizen for consideration.
Clearance Level: TS/SCI w/Poly
Other Important Information You Should Know
Expression of Interest: By applying to this job, you are expressing interest in this position and could be considered for other career opportunities where similar skills and requirements have been identified as a match. Should this match be identified you may be contacted for this and future openings.
Ability to Work Remotely: Onsite Full-time: The work associated with this position will be performed onsite at a designated Lockheed Martin facility.
Work Schedules: Lockheed Martin supports a variety of alternate work schedules that provide additional flexibility to our employees. Schedules range from standard 40 hours over a five day work week while others may be condensed. These condensed schedules provide employees with additional time away from the office and are in addition to our Paid Time off benefits.
Schedule for this Position: 4x10 hour day, 3 days off per week
Lockheed Martin is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
The application window will close in 90 days; applicants are encouraged to apply within 5 - 30 days of the requisition posting date in order to receive optimal consideration.
At Lockheed Martin, we use our passion for purposeful innovation to help keep people safe and solve the worlds most complex challenges. Our people are some of the greatest minds in the industry and truly make Lockheed Martin a great place to work.
With our employees as our priority, we provide diverse career opportunities designed to propel, develop, and boost agility. Our flexible schedules, competitive pay, and comprehensive benefits enable our employees to live a healthy, fulfilling life at and outside of work. We place an emphasis on empowering our employees by fostering an inclusive environment built upon integrity and corporate responsibility.
If this sounds like a culture you connect with, you’re invited to apply for this role. Or, if you are unsure whether your experience aligns with the requirements of this position, we encourage you to search on Lockheed Martin Jobs, and apply for roles that align with your qualifications.
Experience Level: Experienced Professional
Business Unit: RMS
Relocation Available: Possible
Career Area: Cyber Security Governance and Risk Compliance
Type: Full-Time
Shift: First
• Relevant ISSO, ISSM, and/or ISSE experience in the cybersecurity career field
• Exposure to providing technical systems support from the perspective of a System Administration and/or Systems Engineer
• Experience supporting the Intelligence Communitys specific RMF processes and procedures
• Knowledge of the Defense Information System Agency (DISA) Security Technical Implementation Guides (STIGs) and configuration standards
• Experience interpreting Security Directives, Policies, Publications and Regulations and applying those in a practical way for a cybersecurity program
Job Ident #:
60937279040
(Job and company information not to be copied, shared, scraped, or otherwise disseminated/distributed without explicit consent of JSfirm, LLC)