Information System Security Officer - Nuernberg, Germany - CSA – Careers

CSA – Careers
Nuernberg, Germany

3 weeks ago

Written by: Lena Wagner

beBee Recruiter


Description

CSA is seeking a Cyber Security Specialist/ISSO to provide support to a government client located in Grafenwoehr, Germany.

As a member of the Cyber Security Team, the ISSO will conduct research, data analysis, onsite Information Assurance support, and Risk Management Framework support.


Responsibilities:


  • Develops and maintains an organizational or system-level cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.
  • Provides support to the System Owner and the ISSM for maintaining the appropriate operational IA posture for a system, program, or enclave.
  • Provides support to the customer on all matters involving the security of their information systems.
  • Assists with the management of all security aspects of the information system and, as assigned, performs day-to-day security operations of the system.
  • Assists in the development of the system security policy and ensures compliance with that policy on a routine basis.
  • Prepares, validates, and maintains security documentation including, but not limited to, system security plan (SSP), risk assessment (RA), contingency plan (CP), privacy impact assessment (PIA), e-Authentication assessment, and FIPS categorization.
  • Provide configuration management for security-relevant information system software, hardware, and firmware, controlling changes to the system and assessing the security impact of those changes.

  • Identify and mitigate security business and system risks.
  • Identify and manage POA&Ms through remediation as well as develop corrective action plans for each POA&M.
  • Maintains a repository for all organizational or system-level cybersecurity-related documentation such as RMF processes within eMASS or other automated process.
  • Maintains Defense Information Technology Portfolio Registry (DITPR) for client systems and software.
  • Ensures implementation of Information System (IS) security measures and procedures, including reporting incidents to the Information System Security Manager (ISSM) and appropriate reporting chains as well as coordinating system-level responses to unauthorized disclosures in accordance with DoDM Vol 3 for classified information or DoDM Vol 4 for CUI, respectively.

  • Implements and enforces all DoD IS and Platform Information Technology (PIT) system cybersecurity policies and procedures, as defined by cybersecurity-related documentation.
  • Ensures that all users have the requisite security clearances and access authorization and are aware of their cybersecurity responsibilities for DoD IS and PIT systems under their purview before being granted access to those systems.
  • In coordination with the ISSM, initiate protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
  • Establishes a process for authorized users to report all cybersecurity-related events and potential threats and vulnerabilities to the ISSO.
  • Ensures that all DoD IS cybersecurity-related documentation is current and accessible to properly authorized individuals.
  • Ensures proper Configuration Management procedures are followed prior to implementation and contingent upon necessary approval with the ISSM.
  • Initiates requests for temporary and permanent exceptions, deviations, or waivers to IA requirements such as Plan of Action and Milestones (POA&Ms).
  • Ensures IA and IA-enabled software, hardware and firmware comply with appropriate security configuration guides.
  • Provide status updates of assigned duties to the appropriate agency heads as defined in their respective Service Level Agreement (SLA).
  • Responds to all applicable data calls, CTOs, FRAGOs, IAVAs, etc. within the requested timeframe.
  • Attends all Cybersecurity Workforce Meetings when requested.
  • Performs system administration on JLCCTC or other simulations or interface systems as needed.
  • Performs as needed technical operations, setup and tear down of servers, systems and integration tools; maintaining RMF compliance; providing input to exercise design and technical planning products.
  • Supports as needed other setup, transition, and break down for all training and training support activities pertaining to this task order.
  • Participates in individual training, seminars, conferences, exercise/experiment planning events, site surveys, and exercise and training events and supports the planning and preparation processes and product development as needed.

Qualifications:


  • Must possess a bachelor's degree plus 3 years of recent relevant technical experience OR an associate degree plus 7 years of recent experience OR a major industry-recognized networking certification plus 7 years of recent experience OR 11 years of recent experience.
  • Bachelor's degree in engineering, science, mathematics, or a related field
  • Five (5) years' experience within the past 10 years, in planning simulation exe
