L3Harris

Job Title: Information System Security Officer (ISSO) 4

Job Code: SAS20221110-91783

Job Location: Melbourne, FL

Job Description: Implements the day-to-day information system security program for the assigned secure areas, classified information systems and classified programs. Works directly with the Contractor Program Security Officer (CPSO), Program Managers and program personnel to ensure customer regulations, laws and policy is followed (i.e. NISPOM, JSIG, and/or ICD-503). Implements, tests, documents, and continuously monitors applicable system security controls with the goal to ensure all systems are authorized to operate. As an on-site security professional, the ISSO’s responsibilities include management and execution of all classified information system security for the facility to include asset management, inspection for prohibited technology, system auditing, user accounts (help desk support), user security support, vulnerability management, vulnerability scanning, document control (sanitization/degaussing/destruction), and system access control. Exhibits the dedication and expectation of excellence required of a seasoned security professional while working and making decisions independently without direct supervision. The ISSO works as a team player, exhibits flexibility, sets priorities, and manages customer expectations in a sometimes fast-paced environment. The ISSO interacts with internal and external customers or Government security officials in performance of security duties.

Essential Functions:

• Authoring and maintaining Body of Evidence (BOE) for Assessment & Authorization (A&A) of assigned systems in accordance with the Risk Management Framework (RMF) to include system security plans
• Performing security control assessments as part of the systems’ initial standup and Continuous Monitoring Plan
• Overseeing and enforcing the configuration management of assigned systems
• Works with IT organization to develop device and system hardening guides following DISA, JSIG and NIST guidelines
• Analyze and review vulnerability scan data using tools such as Nessus and ACAS
• Provide vulnerability remediation actions to IT Admins and chart vulnerabilities over
• Auditing systems to ensure security posture integrity
• Audit systems to ensure integrity of security posture utilizing SIEM tools like Splunk
• Conducting periodic hardware/software inventory assessments
• Identifying system security controls shortcomings and developing POA&Ms
• Remediate security control deficiencies
• Conducts, documents, and reports annual self-assessments
• Maintaining operational information security posture for a system, program, or enclave
• Investigating security incidents such as data spills, data integrity and malicious events
• Authoring and delivering security education training to range of audience levels
• Managing and providing media release and transfer between systems
• Managing a help desk queue for user accounts and security support
• Responsible for ensuring the formulation, establishment and execution of security policy, procedures and protocols pertinent to the facility consistent with National Industrial Security Program, Joint Special Access Program Implementation Guide (JSIG) or Intelligence Community Directives (ICDs) requirements.
• Determine customer security requirements and ensure requisite security access requests with applicable government agencies
• Responsible for effective communications regarding security by interfacing with or liaising with external customers (Government, Associate Contractors, Subcontractors, former employees) and internal L3Harris organizations
• Foster teamwork and collaborative efforts among Security team members to ensure timely completion of group project tasks and responsibilities.

Qualifications:

• Bachelor’s Degree and minimum 6 years of prior relevant experience or Graduate Degree and a minimum of 4 years of prior related experience.
• An active security clearance is required, TS with SCI Eligibility and CI Poly
• DoD 8570 IAT Level II Certification (i.e. Security+ CE)
• Experience with the DoD JSIG and/or ICD 503

Preferred Additional Skills:

• Experience as a Cleared Defense Contractor (CDC) working in corporate and/or government environments with industrial security duties in support of Intelligence Community (IC) or Department of Defense (DoD) programs
• Experience using security management software and applications
• Working knowledge of the Intelligence Community Directives (ICD’s), National Industrial Security Program Operating Manual (NISPOM), SAP Directives, and Supplement Information system security experience desired