Title:
Manager, Information Management/ ISSO
Perform all ISSO associated duties as prescribed in reference DoD Instruction 8500.01, -Cybersecurity,- Incorporating Change 1, 14 March 2014. Scope includes establishing, implementing, and maintaining the DoD information Cybersecurity (CS) program, including:
Assist the MDA/SN ISSM in meeting their duties and responsibilities as outlined in DoD Instruction 8500.01, Enclosure 3 Section 19 (ref a).
Ensure that all users of the LRDR systems under including privileged users, have the requisite security clearances and supervisory need-to-know authorization, and are aware of their cybersecurity responsibilities before being granted access to any DoD Information System on site.
Ensure that all users of the LRDR systems under including privileged users, have satisfied their initial, recurring, and Privileged User cybersecurity training in accordance with governing directives.
Coordinate with the ISSM and government ISSO to initiate protective or correcting measures when cybersecurity incidents or vulnerabilities are discovered and ensure that a process is in place for authorized users to report all cybersecurity-related events and potential threats and vulnerabilities to the ISSO.
Oversee the security of the network including investigation and reporting of security violations as required and ensuring -in use controls- consistent with the classification level of the system are developed and enforced.
Ensure that cybersecurity and cyber-enabled software, hardware, and firmware comply with appropriate security configuration guidelines.
Ensure the information system recovery processes are monitored and that cybersecurity features and procedures are properly restored.
Ensure that all cybersecurity-related documentation is current and accessible to properly authorized individuals.
Implement and enforce all cybersecurity policies and procedures, as defined by MDA and DoD security certification and authorization documentation.
Obtain and maintain cybersecurity connection approvals applicable to the system.
Perform cybersecurity vulnerability scans and update anti-virus signatures as required.
Perform security log audits.
Update the cybersecurity Plan of Actions and Milestones (POA&M) for MDA/SN components, as required.
Obtain and maintain necessary cybersecurity certifications, as defined in DoD Directive 8570.01-M, -Information Assurance Workforce Improvement Program,- 10 November 2015, and complete applicable mandatory training found on the MDA cybersecurity training portal.
Maintain Network System Security Plans and ensure each network/system is authorized as a unit.
Complete the following audit administrator responsibilities for the LRDR cross-domain solution (CDS): Validate authorization and mission need before adding Audit Administrator accounts.
Add, delete, modify, lock and unlock Audit Administrator accounts as necessary.
If temporary Audit Administrator accounts are added to the RADMERC, remove them immediately after they are no longer required.
Review RADMERC Audit Administrator accounts on an annual basis and remove any account that are no longer necessary
Validate at least annually that ere are not group or shared account on the RADMERC, ensuring each account easily identifies an individual user.
Qualifications:
Possess a minimum of a BA/BS Degree in a Computer Science, Computer Information Systems, Management Information Systems or a related field plus 5 years of directly related experience. Additional years of experience may be accepted in lieu of degree.
Certifications (IAT II) one of the following
CCNA-Security
CySA+ **
GICSP
GSEC
Security+ CE
CND
SSCP
Working knowledge of system security design process, defense-in depth/breadth, information security domains, identification, authentication, risk management, contingency planning, incident handling, configuration control, change management, auditing, RMF/ICD 503 process, and principles of IA (confidentiality, integrity, non-repudiation, availability, access control).
Demonstrate knowledge of and experience with at least one of the following (preferably more): current security tools; hardware/software security implementation; communication protocols; encryption techniques/tools.
Experience completing security evaluations of software systems or architectures to ensure they meet security requirements for processing classified information.
Experience preparing and maintaining SSPs or security related documentation.
Experience proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies
Demonstrated experience performing day-to-day security operations of information processing systems.
Desired Qualifications:
Experience with Government cyber tools preferred
Splunk
ACAS
ESS
Proficiency with the following:
Linux/Redhat
Windows Server
Firewalls
Networking
KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.
