Information System Security Officer

Overview

Bowhead seeks an Information System Security Officer to support our customer on the PICRD II contract in Colorado Springs, CO.

Responsibilities

• Contribute to planning, assessment, risk analysis, risk management, certification, and awareness activities for system and networking operations. • Act as alternate COMSEC Responsible Officer (CRO), as designated by ISSM, and manage any additional sub-account users as required. • Assist in ensuring all classified and controlled systems comply with government-defined security requirements and federal regulations. • Support the functions of SL-ISSM and SL-ISSO for HQ USSPACECOM sponsored projects up to Top Secret Collateral classification, including SAPs. • Ensure system authorization packages consider requirements from government agencies and system stakeholders. • Support HQ USSPACECOM Joint Cyber Cell (JCC) in complying with cyber tasking orders and IA/cybersecurity programs. • Assist in vulnerability testing and risk analysis as part of DoD and Air Force authorization processes. • Identify and implement security hardening and corrective actions for hardware, software, applications, and business management procedures. • Ensure proper implementation of corrective actions and support planning/execution of risk management activities. • Baseline and improve USSPACECOM risk and security posture, including threat updates, security configuration control, and system security review for software/system purchases and integration. • Review Cybersecurity Network Defense (CND) tool reports and work with USSPACECOM Government Cyber leadership on RMF packages and ATO status updates. • Provide updates for monthly documentation on system status, cybersecurity posture, and executive status briefings. • When ISSM is not available, participate in the Cybersecurity Working Group (CSWG).• Assist in development, implementation, oversight, and maintenance of an organization cybersecurity program. • Assist to administer the cybersecurity program, enforce cybersecurity policies/procedures, and ensure all users have requisite security clearances and cybersecurity training. • Ensure users receive cybersecurity refresher training annually and maintain required countermeasures and compliance measures. • Assist with implementation and compliance measures IAW DoDI 8010.01, DoDI 8510.01, DoDI 8500.01, AFMAN 17-130, and AFI 10-712. • Initiate requests for exceptions, deviations, or waivers to cybersecurity requirements and criteria. • Support and coordinate with the Data Custodian and Government Project Owner/Manager for information security risk management. • Maintain current system information in the approved RMF accreditation system and conduct hardware/software inventory assessments. • Provide initial and recurring A&A Interim Authority to Test (IATT) and Authority to Operate (ATO) packages. • Ensure RMF and ATO packages are complete, accurate, and ready for Command ISSM and AO review. • Assist with assessments by the Defense Industrial Base Cybersecurity (DIB CS)/Cybersecurity office. • Review the audit trail of systems weekly for abnormal activities and provide requested metrics (at least once per month). • Support with NOTAMs, IAVAs, and other security/vulnerability advisories.

Qualifications

• BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE institution. • Over four years of technical experience. • Meets the Core and Additional Knowledge, Skills, and Abilities Tasks (KSATs) defined in the DCWF for Work Role 612 (NIST: SP-RM-002). • Experience performing as a COMSEC Responsible Officer (CRO). Experience creating messages required, for the COMSEC controlling authority’s approval, to obtain NSA’s approval to issue Keying Material (KEYMAT). • Experience keying, configuring, initializing and operating COMSEC equipment, troubleshooting system failures. • Experience conducting vulnerability testing and analysis on DoD networks.• Experience developing RMF packages and conducting ATO Status updates to include drafting of Assessment and Authorities (A&A) Interim authority to Test (IATT) and Authority to Connect (ATC) packages. • Experience with COMSEC, Computer Security (COMPUSEC), and TEMPEST.• Experience on Notice to Airman (NOTAM) and Information Assurance Vulnerability Alert (IAVA) and security/vulnerability advisories.

Certification Requirements: • Required: CompTIA Sec+

• Desired: CASP+, Cloud+, GSEC, PenTest+

SECURITY CLEARANCE REQUIRED: Must currently hold a Top Secret security clearance with SCI eligibility.

Physical Demands:• Must be able to lift up to 25 pounds• Must be able to stand and walk for prolonged amounts of time• Must be able to twist, bend and squat periodically

#LI-MN1