ACBN Information Systems Security Officer (ISSO)

ACBN Information Systems Security Officer (ISSO)  

Location: Ramstein AB, Germany 

Security Clearance Level: Secret  

Duties/Responsibilities: The Contractor shall maintain regulatory requirements of cyber security for ACBN and give guidance/assistance/ solutions regarding overall cyber readiness. Also, the Contractor shall provide all personnel, knowledge, skills, abilities, staff support and other related resources necessary to perform the RMF services.   

• Analyzes and defines security requirements.  

• Implement and enforce all AF cyber security policies, procedures, and countermeasures. 

• Supports the system assess and authorize (A&A) effort, to include assessing and guiding the quality and completeness of A&A activities, tasks and resulting artifacts mandated by governing DoD and DAF policies.  

• Ensure all users have the requisite security clearances and need-to-know, complete annual cyber security training, and are aware of their responsibilities before being granted access to IT according to DAFMAN 17-1304. 

• Maintain all authorized user access control documentation IAW the applicable AF Records Information Management System. 

• Ensure software, hardware, and firmware comply with appropriate security configuration guidelines (e.g., security technical implementation guides /security requirement guides). 

• Ensure proper configuration management procedures are followed prior to implementation and contingent upon necessary approval, and coordinates changes or modifications with the enclave-level ISSM or Security Control Assessor (SCA). 

• Initiate protective or corrective measures, in coordination with the ISSM, when a security incident or vulnerability is discovered. 

• Recommends policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data.   

• Conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.   

• Promotes awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals.   

• Conducts systems security evaluations, audits, and reviews.   

• Recommends systems security contingency plans and disaster recovery procedures.   

• Recommends and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures.   

• Participates in network and systems design to ensure implementation of appropriate systems security policies.   

• Facilitates the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes.   

• Assesses security events to determine impact and implementing corrective actions.   

• Ensures the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services.   

• Report security incidents or vulnerabilities to the system-level ISSM according to AFI 17-203, Cyber Incident Handling. 

• Will execute ISSO duties as outlined in DoDI 8500.01, AFI 17-101, AFI 17-1301, and AF 17-1303 for assigned network enclaves. 

• Maintain familiarity with relevant DOD/NIST RMF publications, including NIST 800-53, 800-60, 800-37, DODI 8540.01 CDS Policy, and DOD Directive 5144.02.  

Minimum/General Experience: This position requires a minimum of eight years’ experience, of which at least six years must be specialized experience in defining computer security requirements for high level applications, evaluation of approved security product capabilities and resolution of computer security problems.  

• Extensive knowledge and proficiency with the Risk Management Framework (RMF) and eMASS or XACTA experience.  

• Extensive knowledge and proficiency with the Assured Compliance Assessment Solution (ACAS) Vulnerability Scanner  

• Extensive knowledge and proficiency with the Security Technical Implementation Guide (STIG) implementation and automation tools such as SCAP, STIG Viewer, eMASSter which are often leveraged for automation.  

• A strong technical background, ideal candidates must have familiarity in virtualization technologies, basic networking and industry best practices.  

• Expert knowledge and proficiency with Cybersecurity best practices.  

• Expert knowledge and understanding of Federal and DoD Cybersecurity regulations and policies.  

Minimum Education: A Bachelor’s degree in computer science/systems, information systems/technology, engineering/engineering technology, software engineering/programming, management, natural sciences, social sciences, mathematics or business/finance.  

Education and experience requirements may be substituted with:  

A Master’s Degree (in subjects described above) and eight years general experience of which at least six years must be specialized experience.  

No degree and thirteen years of general experience of which at least eleven years must be specialized experience.  

Certifications:   DoDD 8570.01M Information Assurance Technician (IAT) level III baseline certification required.   

Additional Requirements: Candidate must meet TESA requirements as follows:   

• A Bachelor’s Degree and three (3) years of recent specialized experience; or  

• Associates Degree and seven (7) years of recent specialized experience; or  

• No degree and 11 years or recent specialized experience.  

#DefenceOCONUS