Posted in Other 30+ days ago.
This job brought to you by America's Job Exchange
Type: Full Time
Location: Ogden, Utah
Candidates will provide ISSO activities in support of the ISSM, including but not limited to: updating and sustaining authorization packages in the XIAM Tool, as well as managing the day-to-day security posture of the SCIF as it pertains to cybersecurity regulations such as NIST SP 800-53 and others. Duties include:
the ISSM in the day-to-day operations of their AOR to include, but not limited to:
o Logical and physical access control
o Random bag inspections
o Media protection/control and equipment control
o Cybersecurity training of system users or SCIF patrons
o Incident reporting to the ISSM and applicable offices (MAJCOM, AO)
o Proper sanitization/destruction of media
o Collect applicable audit records IAW ICS 500-27
o Supporting assessment activities IAW ICD-503 s RMF process
Conduct information system security activities to inform and support implementation of security controls and ensure their compliance into systems within their AOR IAW ICD-503, NIST SP 800-53, and other applicable documentation.
Ensure all systems measures are met in implementing organizational information systems and upgrading legacy systems.
Perform applicable System Administrator tasks as required by system(s) within their AOR, with the following requirements:
o Complete applicable Privileged User Access training from the agency or service element.
o Have a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
o Be limited to the minimum number of privileges needed to perform their assigned duties, as technically feasible (Least Privilege).
o Access only the specific data/software/hardware for which they are authorized access and have a need-to-know, and assume only those roles and privileges for which they are authorized.
o NOT use privileged user accounts to perform routine, non-system-administrative daily tasks (such as web browsing or reading email) as these activities may unintentionally damage or expose the system to attacks that are delivered via everyday applications/
o NOT use their privileged user access to alter, change, or destroy information (audit logs, security-related objects/directories) without approval from the appropriate legal authority
o Protect the root or super user authenticator at the highest level of data the system(s) secures
o Only perform authorized tasks and functions
At least three (3) years of ISSO, and/or Cyber Security experience
IAT Level II or IAM Level II Certification
AF IC CYBER 100 Course Completion (previously called ACC/A2S-OL ISSM/ISSO Training Course )
At least three (3) years of AF or other military and/or commercial type experience
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.