Information System Security Officer

SOSi is currently seeking an experienced Information Systems Security Officer (ISSO) to join our team in Joint Base Pearl Harbor Hickam, Honolulu, Hawaii. The customer based out of Honolulu, Hawaii creates, manages, and supports IT solutions for our customer, its mission and its 5,000+ customers throughout the Pacific theater. Our team solves challenging technical problems that enable the customer to realize critical and time sensitive C2 strategies.

As an ISSO at SOS International LLC, you should be well organized, detailed-oriented and proficient in Department of Defense (DoD) protocols, procedures and regulations, especially those pertaining to Risk Management Framework (RMF).  The duties of this position include being part of the team responsible for the entire RMF lifecycle, from identification and prioritization of security risk, to the implementation and monitoring of security controls.  The candidate should communicate effectively, orally and in writing, and be able to prepare and deliver executive-level briefings to interested parties as required.

• Assist the ISSM (Information System Security Manager) in formulating and upholding an organized information system security program and policies that are applicable to their assigned area of responsibility.
• Establish and maintain secure computer systems and networks for classified processing, and take responsibility for the administration, maintenance, and security auditing of such systems.
• Develop and supervise the implementation of guidelines and policies for operational information systems security.
• Manage assigned eMASS (Enterprise Mission Assurance Support Service) packages containing all security authorizations for information systems under their supervision.
• Coordinate inspections, tests, and reviews of information system security.
• As a key member of the team, you will be responsible for contributing your expertise and skills to help ensure the team's success in responding to security incidents and protecting organizational assets.
• Practical understanding of the Assured Compliance Assessment Solution (ACAS) to support the execution of the MPE information system patch and vulnerability management program.
• Thorough understanding of Security Technical Implementation Guidelines (STIG) and ensure they are reviewed, maintained, and updated on a quarterly basis.
• Ensure compliance with Configuration Management policies and procedures for authorizing the use of hardware and software on an information system.
• Engage with external stakeholders to facilitate the coordination of interconnection requests and ensure that such requests are processed and approved in an efficient manner.
• Maintain current knowledge of system functions, security policies, technical security safeguards, and operational security measures.
• Manage, maintain, and execute the information security continuous monitoring plan.
• Keep records of all security-related vulnerabilities POA&Ms and ensure that serious or unresolved violations are reported to the AO/DAO.
• Evaluate any changes to the system, its environment, and operational requirements that could impact security authorization.

• An Active in-scope SECRET clearance.
• Bachelor’s degree in a related field or the equivalent years of related experience.
• Knowledge of NSA’s Commercial Solution for Classified (CSfC) solution and Cross Domain Solutions (CDS)
• Thorough understanding of NIST Publication 800-53r5, Risk Management Framework, Executive Order 14028, and OMB Mandate M-22-09.
• Prior experience with eMASS
• DoD 8570 IAT-II compliant (Security+ CE, CCNA-Security, CND, CySA+, GICSP, GSEC, or SSCP)
• Strong communication skills and ability to coordinate tasks across functional groups.

• An Active in-scope TOP SECRET clearance with SCI Eligibility.
• Recent experience in the assessment and authorization of systems
• Practical knowledge of JIRA and Confluence.
• Experience with compliance tools such as Tenable Nessus and SCAP.
• Experience in program policy and process creation and oversight.

• Working conditions are normal for an office environment.
• Fast paced, deadline-oriented environment.
• May require periods of non-traditional working hours including consecutive nights or weekends.

SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.

• An Active in-scope SECRET clearance.
• Bachelor’s degree in a related field or the equivalent years of related experience.
• Knowledge of NSA’s Commercial Solution for Classified (CSfC) solution and Cross Domain Solutions (CDS)
• Thorough understanding of NIST Publication 800-53r5, Risk Management Framework, Executive Order 14028, and OMB Mandate M-22-09.
• Prior experience with eMASS
• DoD 8570 IAT-II compliant (Security+ CE, CCNA-Security, CND, CySA+, GICSP, GSEC, or SSCP)
• Strong communication skills and ability to coordinate tasks across functional groups.

As an ISSO at SOS International LLC, you should be well organized, detailed-oriented and proficient in Department of Defense (DoD) protocols, procedures and regulations, especially those pertaining to Risk Management Framework (RMF).  The duties of this position include being part of the team responsible for the entire RMF lifecycle, from identification and prioritization of security risk, to the implementation and monitoring of security controls.  The candidate should communicate effectively, orally and in writing, and be able to prepare and deliver executive-level briefings to interested parties as required.

• Assist the ISSM (Information System Security Manager) in formulating and upholding an organized information system security program and policies that are applicable to their assigned area of responsibility.
• Establish and maintain secure computer systems and networks for classified processing, and take responsibility for the administration, maintenance, and security auditing of such systems.
• Develop and supervise the implementation of guidelines and policies for operational information systems security.
• Manage assigned eMASS (Enterprise Mission Assurance Support Service) packages containing all security authorizations for information systems under their supervision.
• Coordinate inspections, tests, and reviews of information system security.
• As a key member of the team, you will be responsible for contributing your expertise and skills to help ensure the team's success in responding to security incidents and protecting organizational assets.
• Practical understanding of the Assured Compliance Assessment Solution (ACAS) to support the execution of the MPE information system patch and vulnerability management program.
• Thorough understanding of Security Technical Implementation Guidelines (STIG) and ensure they are reviewed, maintained, and updated on a quarterly basis.
• Ensure compliance with Configuration Management policies and procedures for authorizing the use of hardware and software on an information system.
• Engage with external stakeholders to facilitate the coordination of interconnection requests and ensure that such requests are processed and approved in an efficient manner.
• Maintain current knowledge of system functions, security policies, technical security safeguards, and operational security measures.
• Manage, maintain, and execute the information security continuous monitoring plan.
• Keep records of all security-related vulnerabilities POA&Ms and ensure that serious or unresolved violations are reported to the AO/DAO.
• Evaluate any changes to the system, its environment, and operational requirements that could impact security authorization.