Job Postings >> ISSO - Information System Security Officer
ISSO - Information System Security Officer
Title:ISSO - Information System Security Officer
Location:Tucson, AZ

Title: Information System Security Officer (ISSO)
355th Operational Support Squadron
Status: Full Time / Exempt
Location: Tucson, AZ 85707
Job Summary: The Information System Security Officer (ISSO) supports the ISSM, which will include but not limited to: updating and sustaining authorization packages in the XIAM Tool, as well as managing the day-to-day security posture of the SCIF as it pertains to cybersecurity regulations such as NIST SP 800-53 and others. ISSO will also only operate within their specific AOR which shall be the JWICS ground and air enclave and/or SAP/SAR enclaves. Additionally, the ISSO support the ISSM in the day-to-day operations of their AOR to include, but not limited to:

* Logical and physical access control

* Random bag inspections

* Media protection/control and equipment control

* Cybersecurity training of system users or SCIF patrons

* Incident reporting to the ISSM and applicable offices (MAJCOM, AO)

* Proper sanitization/destruction of media

* Collect applicable audit records IAW ICS 500-27

* Supporting assessment activities IAW ICD-503’s RMF process

Coordinating any changes or modifications to hardware, software, or firmware of a system with the ISSM and then the AO/DAO prior to the change, or if implemented changes might affect current system baseline or current system authorization. Conduct information system security activities to inform and support implementation of security controls and ensure their compliance into systems within their AOR IAW ICD-503, NIST SP 800-53, and other applicable documentation. Conduct timely and in-depth research to analyze and identify necessary security controls with written solutions and recommendations. Ensure all systems measures are met in implementing organizational information systems and upgrading legacy systems.  Serve as a member of any/all change-related CCBs if designated by the ISSM and provide recommendations to the government on beneficial input for the reviews if the ISSM cannot be present. Requirements
Perform applicable System Administrator tasks as required by system(s) within their AOR, with the following requirements:* Hold current DoD 8570.01-M Information Assurance (IA) certification required for their position. Complete applicable Privileged User Access training from the agency or service element. Have a working knowledge of system functions, security policies, technical security safeguards, and operational security measures. Be limited to the minimum number of privileges needed to perform their assigned duties, as technically feasible (Least Privilege).

* Access only the specific data/software/hardware for which they are authorized access and have a need-to-know and assume only those roles and privileges for which they are authorized.

* NOT use privileged user accounts to perform routine, non-system-administrative daily tasks (such as web browsing or reading email) as these activities may unintentionally damage or expose the system to attacks that are delivered via everyday applications/

* NOT use their privileged user access to alter, change, or destroy information (audit logs, security-related objects/directories) without approval from the appropriate legal authority

* Protect the “root” or “super user” authenticator at the highest level of data the system(s) secures

* Only perform authorized tasks and functions

* At least three (3) years of ISSO, and/or Cyber Security experience

* At least two (2) years of System Administration experience

* Must have and maintain an active and current US Top Secret/SCI clearance.

Education and Certification

* Bachelor’s Degree in Technical field (Computer, Engineering or Information Systems) from an accredited university,

* IAT Level II or IAM Level II certified

* AF IC CYBER 100 Course Completion (previously called “ACC/A2S-OL ISSM/ISSO Training Course”)