Information Systems Security Officer

Colorado Springs, Colorado, United States

Aleut Federal


About Aleut Federal

Aleut Federal is an Alaskan Native-owned enterprise dedicated to supporting the Unangax people of the Aleutian Islands. We provide top-notch service to various branches of the federal government and prioritize community involvement. Our culture encourages growth, diversity, and inclusion, and our motto, "We are One," reflects our unity and purpose.

Position Summary:

The ISSO will be an integral cybersecurity team member, working closely with the Information Systems Security Manager (ISSM) and USSPACECOM J6C team. The ISSO will support the USSPACECOM Command and System level ISSMs. The ISSO will work to ensure the enclave's security authorization activities comply with Risk Management Framework (RMF) policies and procedures, including System Security Plans (SSPs), Risk Assessment Reports, and A&A packages. Additionally, the ISSO will assist with Command Incident Response, COMSEC, TEMPEST, and Data Loss Prevention requirements. The foregoing position description is not all-inclusive of the duties that may be assigned to the employee. To ensure maximum flexibility and efficiency and to encourage cross-training, employees will be assigned additional duties as necessary to ensure mission capability.

Responsibilities: 

  • Maintains operational security posture to ensure Information Systems (IS) security policies, standards, and procedures are established and followed.
  • Recommends and implements security controls based on cybersecurity principles.
  • Supports the Information Systems Security Manager (ISSM) in all cybersecurity requirements.
  • Conducts independent, comprehensive management, operational, and technical security control assessments.
  • Manages security-related changes to information systems and assesses the security impact of those changes on the security architecture.
  • Assists in creating and reviewing documentation, including System Security Plans (SSPs), Risk Assessment Reports, and Assessment & Authorization (A&A) packages.
  • Uses cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
  • Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments to mitigate threats.
  • Identifies, analyzes, and reports events that occur or might occur within the network to protect information, information systems, and networks from threats.
  • Performs cyber defense trend analysis and reporting.
  • Performs system log audits and serves as the Subject Matter Expert (SME) for all logging activities (log, track, and report) in all information systems.
  • Performs vulnerability/risk assessment analysis to support Assessment & Authorization (A&A).
  • Performs ACAS scans and uses the STIG compliance checker and SCAP tool.
  • Assists the ISSM and SSO team with Incident Response actions.
  • Manages Data Loss Prevention waiver requests.
  • Serves as COMSEC Local Element COMSEC Responsible Officer (CRO).
  • Manages/oversees TEMPEST requirements for USSPACECOM Collateral spaces.
  • Evaluates/assesses functional areas for Risk Mitigation Strategies.

Requirements:  

  • TS with eligibility for SCI.
  • In accordance with DoD 8570.01M, the ISSO must meet IAT Level II requirements, as well as computing environment training/certification requirements, as a condition of employment.
  • BS in Computer Science or equivalent field of study (or equivalent experience of 4 years) and 2 years of ISSO and/or RMF experience. 
  • Experience with RMF, NIST SP 800-53, NIST SP 800-171, Security Technical Implementation Guides (STIGs). 
  • Experience with policies and procedures to support ATO/ATC decision-making and operational practices, including XACTA and/or eMASS.  
  • Knowledge of SIPR and JWICS Assessment & Authorization (A&A) process. 
  • Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption). 
  • Experience in preparing detailed System Security Plans (SSP) for Government approval to achieve Approval to Operate (ATO) objectives. 
  • Knowledge of new and emerging IT and cybersecurity technologies. 
  • Demonstrate sound knowledge of business processes with extensive experience in a similar role. 
  • Solid understanding of NIST RMF.
  • Good recordkeeping, time management, and organizational skills. 
  • Good written and interpersonal skills. 
  • Ability to multi-task. 
  • Good client management skills. 
  • Understanding of STIGs, ACAS, and SCAP tool use.
  • Incident Response Reporting.  
  • Understand COMSEC/TEMPEST requirements. 
  • Ability to configure/manage cryptographic devices. 

Preferred: 

  • Military and/or government experience is a plus. 
  • Experience with ServiceNow is a plus. 
  • IAT/IAM III certification (CISSP, CISM). 

Locations: This position will require the performance of duties at any customer facility within Colorado Springs.  

Salary Range: $100K - $135K 

Closing Date: We will accept applications for this position until 13 September 2024 at 4:59 pm EST. 

Aleut offers the following benefits to eligible employees:  

  • Health insurance 
  • Dental/Vision Insurance  
  • Paid Time Off 
  • Short- and Long-Term Disability  
  • Life insurance  
  • 401k, and match 

Aleut Federal, LLC provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, gender identity, or genetics. In addition to federal law requirements, AF complies with applicable state and local laws governing nondiscrimination in employment in every location where the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. AF prohibits workplace harassment based on race, color, sex, religion, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status.


Tags: ACAS Audits CISM CISSP Compliance Computer Science Cyber defense DoD DoDD 8570 eMASS Encryption Firewalls IAM IDS Incident response Monitoring NIST NIST 800-53 Risk assessment Risk Assessment Report Risk management RMF SCAP SSO STIGs System Security Plan TEMPEST

Perks/benefits: 401(k) matching Health care Insurance Team events

Region: North America
Country: United States
