Information System Security Officer

Delaware Nation Industries (DNI) is on the lookout for an Information System Security Officer who will be responsible for ensuring the appropriate operational security posture is maintained for the CAOC-X environment. This includes implementing and enforcing Air Force cybersecurity policies, procedures, and countermeasures, as well as proactively monitoring, analyzing, and detecting cyber events and incidents. The ISSO will leverage their subject matter expertise in Computer Network Defense (CND) to protect and defend assigned systems. This role requires a strong understanding of cybersecurity suites of tools, communication principles, and the ability to maintain compliance with DoD and Air Force cybersecurity standards.

• RMF Lifecycle Management: Assist the ISSM in maintaining the authorization to operate throughout the Risk Management Framework (RMF) lifecycle.
• Policy and Procedure Implementation: Implement and enforce all Air Force cybersecurity policies, procedures, and countermeasures IAW AFMAN 17-101.
• Compliance and Training: Ensure all users have the requisite security clearances and need-to-know, complete annual cybersecurity training, and are aware of their responsibilities before being granted access to the CAOC-X environment.
• User Access Control: Ensure all authorized user access control documentation is processed and approved IAW the CAOC-X Risk Management Framework (RMF) Authorization.
• Security Configuration Management: Ensure software, hardware, and firmware receive proper authorization and comply with appropriate security configuration guidelines (e.g., security technical implementation guides /security requirement guides).
• Configuration Change Management: Ensure proper configuration management procedures are followed prior to implementing changes to the environment. Coordinate changes or modifications with the CAOC-X Configuration Management Control Board (CCB).
• Incident Response: Initiate protective or corrective measures, in coordination with the ISSM, when a security incident or vulnerability is discovered. Report security incidents or vulnerabilities per the CAOC-X Incident Response Plan.
• Exceptions and Waivers: Coordinate exceptions, deviations, or waivers to cybersecurity requirements with the CAOC-X ISSM and document within the POA&M.
• Continuous Monitoring: Monitor, analyze, and detect Cyber events and incidents within the CAOC-X enclave under general supervision.
• Cyber Defense: Assist with integrated, dynamic Cyber defense, coordinate and maintain security toolsets to support the organization’s continuous monitoring and ongoing authorization programs, establish a framework by which cyber risk can be measured and quantified.
• Security Maintenance: Maintain security by monitoring and ensuring compliance with standards, policies, and procedures; conduct vulnerability assessments and develop cyber security training for delivery to organization personnel.
• Security Lockdown: Ensure DISA STIG lockdowns are performed/validated/ tracked for all CAOC-X equipment in accordance with DISA STIGs.  Assist in the creation and maintenance of the Plan of Action and Milestone (POA&M).
• NIPR, SIPR, JWICS: Perform ISSO duties for all CAOC-X supported environments. Coordinate with the Joint Base Langley-Eustis Wing Cybersecurity Office (WCO), CAOC-X ISSM, and 10th Intelligence Squadron (10IS) as needed to ensure workstations and personnel remain compliant with the respective system’s authorization.
• Vulnerability Validation: Utilize current network security tool suites such as Assured Compliance Assessment Solution (ACAS) to scan for and validate identified vulnerabilities. 

Qualifications:

• TS/SCI Clearance eligible
• Must be a U.S. citizen.
• Extensive working knowledge of information, computer and communications security principles. 
• Experience with NIST 800-53, eMASS, and Risk Management Framework (RMF)
• Thorough knowledge of ACAS, DISA STIGs, Local Area Networks (LANs), Wide Area Networks (WANs), Virtual Private Networks (VPNs), routers, firewalls, network protocols, and other security and network operations and monitoring
• Experience with managing TEMPEST, media sanitization, ServiceNow and IAO Express

Technical Skills:

• Proficiency with Risk Management Framework
• Windows OS, Linux
• Proficiency with ACAS, ESS, SolarWinds and SPLUNK.

Certifications:

• Meet the requirements for DoD 8140.03 DoD Cyber Workforce Framework (DCWF) roles: Cyber Defense Analyst (511), Cyber Defense Incident Responder (531), and Vulnerability Assessment Analyst (541) at the Intermediate Proficiency Level.

Education and Experience Requirements:

• A Bachelor’s degree in Computer Science, Information Systems, Engineering, or a similar discipline along with 3 to 5 years of relevant experience; or 5 to 7 years of pertinent experience in place of a degree.

• Covers 100% of employee benefit premiums, including Medical (PPO or HDHP Option), Vision, Dental

• Matching 401K
• Short- and Long-Term Disability
• Pet Insurance
• Professional Development/Education Reimbursement
• Parking and Transit Benefits for NY, NJ, ATL, and DC Metro areas

Other Duties:

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.