Information Systems Security Officer - ASRC Federal Holding Company
Fairbanks, AK 99712-1725
About the Job
ASRC Federal Space and Defense brings a 14-year history of delivering high-performance space systems engineering, integration and satellite operations services to civil and defense agencies. ASRC Federal Space and Defense provides these services throughout all phases of the program life cycle and across the entire space systems architecture, including space and ground assets. We are seeking an Information Systems Security Officer (ISSO) in Fairbanks, AK.
The ISSO will maintain the IT security program in a manner consistent with DoC/NOAA and government-wide laws, regulations, policies, procedures, and standards. The ISSO is responsible for implementing the system-level controls and maintaining system documentation. The ISSO will:
- Work closely with the Federal ISSO and PAAN system administrators to develop and maintain policies and procedures to protect the confidentiality, integrity, and availability of the Partner Antenna Access Network (PAAN)
- Coordinate, facilitate, or otherwise ensure required security activities are being performed. Build relationships with the SO, technical staff, and other stakeholders to make this happen smoothly.
- Help ensure compliance with federal guidelines, policies and procedures.
- Ensure the implementation and maintenance of security controls in accordance with the System Security Plan. Maintain the required operational security posture
- Recommend security enhancements to management or senior IT staff. Also recommend system-level solutions to resolve security requirements
- Take proactive security measures, assess risks, and respond to security breaches. Monitor networks, databases, and computer systems and create a risk management plan for IT systems. Verify security updates are applied.
- Maintain all documentation, memos, SOPs, and meeting notes required to satisfy NOAA Security (ICAM, ISCP, SAP, BIA, CPTPR).
- Host the weekly IT Security meeting to update the system owner, other ISSOs, federal employees and contractors on the current status of:
  - Current and outstanding security vulnerabilities
  - Change Control requests and work requests
  - Status of POA&Ms
  - Any other security-related information
- Maintain and update certification and accreditation documentation as policies and requirements change;
- Maintain and update an accurate network inventory of all devices classified within the FISMA boundary when devices are added or removed from the network
- Maintain a System Security Plan and verify the network is secured and maintained as the SSP describes
- Help provide artifacts, script outputs and all required documentation for the yearly security control assessment (SCA).
- Verify required device configuration backups are updated every quarter
- Know how PAAN supports the FCDAS mission
- Understand system details such as architecture, system components (hardware, software, peripherals, etc.), location of each system component, data flow, interconnections (internal and external), and configuration management processes and procedures
- Build relationships with key personnel who have the authority or ability to ensure compliance with security laws, regulations, guidance and requirements
- Ensure the security of all interfaces between NOAA and external systems, develop and maintain interconnection documentation (ISA, SLA, MOU, MOA), and provide oversight of cooperative relationships with business partners or other interconnected systems;
- Provide system-level monitoring and compliance reporting;
- Review, respond to, and report security incidents as required by NOAA Incident Reporting Procedures;
- Ensure records associated with incidents are protected from intentional or unintentional alteration, destruction, or interception;
- Monitor, evaluate, and respond to security threats to assigned systems;
- Assist in the development and maintenance of system security plans, standard operation policies, procedures, and best practices;
- Assist in the development of and ensure annual testing of contingency/disaster recovery procedures;
- Ensure implementation of all security policy, plans, and procedures;
- Evaluate and review security technologies, mechanisms, devices, and systems and recommend changes to the information system owner
- Maintain liaison with NOAA security incident response teams;
- Attend required NOAA Cyber Security meetings / briefings
- Ensure distribution, tracking and implementation of approved security alerts, patches, and bug fixes;
- Ensure vulnerability scans are performed per the NOAA mandated scanning schedule and all devices are scanned with administrative credentials
- Review vulnerability scan results and coordinate with System Administrators to implement required remediation of all relevant findings.
- Determine when accepting risk is the only solution for findings that cannot be remediated.
- Provide Monthly Vulnerability Reports to OSPO IT Security
- Review and provide feedback to the NOAA Quarterly Vulnerability Report
- Answer requested data calls regarding IT Security matters
- Evaluate the need for, schedule, and coordinate local security training and awareness programs for system administrators and users;
- Participate as a member of incident response teams;
- Monitor and review physical security policy, practices, and procedures;
- Complete specialized security training required by the NOAA IT Security Office and the Line Office CIO, and report training records to the Line Office ITSO;
- Ensure that systems users receive system-specific training prior to being authorized access to the system;
- Ensure specialized IT security training is made available to all system and network administrators; and
- Ensure all user accounts are disabled on the day (or within 24 hours of notification) of the user's separation from NOAA, and immediately for individuals being separated for adverse reasons, on or just prior to notifying them of the pending action.