ISSO

Blackstone Talent Group, an award-winning technology consulting and talent agency is seeking a ISSO to join our Client's team.

Researches, analyzes and compiles technical data to support the integration of security and resiliency into products and services throughout the lifecycle of the product/service to meet all applicable certifications and customer requirements. Researches, collects, interprets, tests, and analyzes technical data for system-level product security concepts in the projected operational environments to optimize effectiveness over the program lifecycle. Performs product security risk/attack surface/vulnerability analyses and security audits of applications and application stacks of various provenances. Analyzes, triages, aggregates, escalates, and reports relevant product security and anti-tamper data and other information sources for attack indicators and potential security breaches. Coordinates during incidents. Correlates and performs trend analysis. Analyzes malware and attacker tactics to improve detection capabilities. Prepares and presents technical reports and briefings.

This position supports the integration of security and resiliency into products and services throughout the lifecycle of the product/service to meet all applicable certifications and customer requirements.

Position Responsibilities Include:

• Researches, collects, interprets, tests, and analyzes technical data for system-level product security concepts in the projected operational environments to optimize effectiveness over the program lifecycle.
• Performs product security risk/attack surface/vulnerability and static code analyses, dynamic code analysis, and security audits of applications and application stacks of various provenances.
• Analyzes, triages, aggregates, escalates, and reports relevant product security data and other information sources for attack indicators and potential security breaches.
• Assists in coordination during incidents.
• Correlates and performs trend analysis.
• Analyzes malware and attacker tactics to improve detection capabilities.
• Prepares and presents technical reports and briefings.

Additional Position Responsibilities:

Support various US, Foreign Military Sales and Direct Military Sales programs

The Limited Information Systems Security Officer (LISSO) ensures, on behalf of the Facility Security Officer (FSO) and the Information System Security Manager (ISSM), that the requirements established in the Client Manual (BSM), the System Security Plan (SSP), and Information System Profile are followed for systems approved for classified operations. Security responsibilities for LISSOs are defined the Client. The LISSO is delegated to perform ISSO responsibilities for implementing and monitoring procedures applicable to classified operations on an authorized IS. Responsibilities are limited to those identified within this letter which is established by the ISSM.

Duties include, but are not limited to, the items listed below:

• Obtaining guidance from the ISSM in the development of an SSP.
• Ensuring compliance with all pertinent procedures outlined in the BSM, CSSM, IPSM, and each SSP.
• Developing and submitting SSP documentation to the ISSM for approval.
• Controlling access to the IS. This includes physical access, software access, and the validation of security clearances and NTK before allowing access to the system.
• Designating appropriately cleared personnel to act as escorts for visitors and maintenance personnel when they lack the appropriate clearance level, or NTK for the area being entered or visited, equipment being maintained, or information being processed.
• Reviewing or designating a knowledgeable person (a qualified and knowledgeable system user) to review the audit trail logs and records in accordance with the approved SSP.
• When changes are planned or are required for the system, the Limited-ISSO or alternate is responsible for:
• Initiating a revision to the SSP
• Submitting the revision to the Information Systems Security
• Ensuring sufficient lead-time for the reauthorization process to be completed before the revision is implemented for classified operations.
• Ensuring audit trail logs and records and review documentation are maintained and retained in accordance with the SSP
• Briefing authorized IS users of their individual responsibilities for safeguarding classified information and the use and protection of the equipment authorized for classified operations. Each IS user and supported person must be briefed before being granted access to an accredited IS and at least annually thereafter. These briefings will include, but are not limited to:
• The need for sound security practices for protecting information handled by the IS, including all input, storage, and output products.
• The specific security requirements associated with the IS.
• The security reporting requirements and procedures in the event of a system malfunction or other security incident.
• Maintaining an inventory of all approved hardware and software.
• Coordinating with the ISSM, through the assigned ISSO, to prepare and obtain approval for applicable SSPs before processing any classified information.
• Reporting any of the following, through the assigned ISSO, to the ISSM:
• All security incidents or suspected violations of approved procedures.
• System failure preventing sanitization of system memory or removal of classified information from an IS.
• Any deviations from approved procedures or knowledge of anything that could result in the compromise of classified information.
• Obtaining approval from the ISSM before allowing any changes to the system configuration requiring a system SSP update.
• Obtaining approval from the ISSM when there is a need to connect undocumented test equipment to approved systems while in a classified mode.
• Performing SCAP Scans, ACAS Scans, Nessus Scans
• STIG Checklist
• Researches, analyzes and compiles technical data to support the integration of security and resiliency into products and services throughout the lifecycle of the product/service to meet all applicable certifications and customer requirements
• Researches, collects, interprets, tests, and analyzes technical data for system-level product security concepts in the projected operational environments to optimize effectiveness over the program lifecycle
• Performs product security risk/attack surface/vulnerability analyses and security audits of applications and application stacks of various provenances. Analyzes, triages, aggregates, escalates, and reports relevant product security and anti-tamper data and other information sources for attack indicators and potential security breaches
• Coordinates during incidents
• Correlates and performs trend analysis. Analyzes malware and attacker tactics to improve detection capabilities. Prepares and presents technical reports and briefings
• This position requires an active U.S. Secret Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active)

Security+ (equivalent or higher) certification

Basic Qualifications (Required Skills/Experience):

• Bachelors degree or higher
• 6+ years experience in the aerospace industry

Preferred Qualifications (Desired Skills/Experience):

• Experience performing SCAP scans, ACAS scans, Nessus Scans or similar scans
• Experience working on DOD or other classified government systems

Security Clearance Required: Secret

Blackstone Talent Group is a wholly owned subsidiary of Blackstone Technology Group, a global IT services and software firm that implements technological solutions across commercial industry verticals and the US Federal Government. Blackstone's global talent augmentation practice was founded in 1998. Blackstone Talent Group has offices in San Francisco, Denver, Houston, Colorado Springs, and Washington, DC. We specialize in providing clients the best talent across a variety of industries and sectors.

EOE of Minorities/Females/Veterans/Disabilities