**Information Systems Security Officer/Manager (ISSO/ISSM)**


Why choose between doing meaningfulwork and having a fulfilling life? At MITRE, you can have both. That's becauseMITRE people are committed to tackling our nation's toughest challenges-andwe're committed to the long-term well-being of our employees. MITRE isdifferent from most technology companies. We are a not-for-profit corporationchartered to work for the public interest, with no commercial conflicts toinfluence what we do. The R&D centers we operate for the government createlasting impact in fields as diverse as cybersecurity, healthcare, aviation,defense, and enterprise transformation. We're making a difference everyday-working for a safer, healthier, and more secure nation and world. Ourworkplace reflects our values. We offer competitive benefits, exceptionalprofessional development opportunities, and a culture of innovation thatembraces diversity, inclusion, flexibility, collaboration, and career growth.If this sounds like the choice you want to make, then choose MITRE-and make adifference with us.

Use data collected from a variety of cyberdefense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyzeevents that occur within their environments for the purposes of mitigatingthreats. Identify, analyze, and report events that occur or might occur withinthe network to protect information, information systems, and networks fromthreats.

Conducts independentcomprehensive assessments of the management, operational, and technicalsecurity controls and control enhancements employed within or inherited by aninformation technology (IT) system to determine the overall effectiveness ofthe controls (as defined in NIST SP 800-37).

Provides support for asystem or enclave's information assurance program through securityauthorization activities in compliance with Risk Management Framework (RMF).Manage changes to information systems and assess the security impact of those changes.Assist in the preparation and review of documentation to include SystemSecurity Plans (SSPs), Risk Assessment Reports, A&A packages, and SecurityControls Traceability Matrix (SCTM).

### Key Functions

+ Characterize and analyze networktraffic to identify anomalous activity and potential threats to networkresources.

+ Ensure that cybersecurity-enabledproducts or other compensating security control technologies reduce identifiedrisk to an acceptable level.

+ Document and escalate incidents(including event's history, status, and potential impact for further action)that may cause ongoing and immediate impact to the environment.

+ Perform cyber defense trend analysisand reporting.

+ Perform event correlation usinginformation gathered from a variety of sources within the enterprise to gainsituational awareness and determine the effectiveness of an observed attack.

+ Perform security reviews andidentify security gaps in security architecture resulting in recommendationsfor inclusion in the risk mitigation strategy.

+ Use cyber defense tools forcontinual monitoring and analysis of system activity to identify maliciousactivity.

+ Conduct research, analysis, andcorrelation across a wide variety of all source data sets (indications andwarnings).

+ Assess adequate access controlsbased on principles of least privilege and need-to-know.

+ Work with stakeholders to resolvecomputer security incidents and vulnerability compliance.

+ Provide advice and input forDisaster Recovery, Contingency, and Continuity of Operations Plans.

+ Plan and conduct securityauthorization reviews and assurance case development for initial installationof systems and networks.

+ Review authorization and assurancedocuments to confirm that the level of risk is within acceptable limits for eachsoftware application, system, and network.

+ Verify that applicationsoftware/network/system security postures are implemented as stated, documentdeviations, and recommend required actions to correct those deviations.

+ Perform security reviews, identifygaps in security architecture, and develop a security risk management plan.

+ Perform risk analysis (e.g., threat,vulnerability, and probability of occurrence) whenever an application or systemundergoes a major change.

+ Provide input to the Risk ManagementFramework process activities and related documentation (e.g., system life-cyclesupport plans, concept of operations, operational procedures, and maintenancetraining materials).

+ Ensure that plans of actions andmilestones or remediation plans are in place for vulnerabilities identifiedduring risk assessments, audits, inspections, etc.

+ Assure successful implementation andfunctionality of security requirements and appropriate IT policies andprocedures that are consistent with the organization's mission and goals.

+ Ensure that security design andcybersecurity development activities are properly documented (providing afunctional description of security implementation) and updated as necessary.

+ Support necessary compliance activities (e.g., ensure thatsystem security configuration guidelines are followed, compliance monitoringoccurs).


### RequiredQualifications

+ In accordance with DoD 8570.01M, the selected individualmust meet the requirements of an IAT Level II as a condition of employment andcomputing environment training/certification.

### Knowledge

+ Knowledge of computer networkingconcepts and protocols, and network security methodologies.

+ Knowledge of risk management processes(e.g., methods for assessing and mitigating risk).

+ Knowledge of authentication,authorization, and access control methods.

+ Knowledge of applicationvulnerabilities.

+ Knowledge of capabilities andapplications of network equipment including routers, switches, bridges,servers, transmission media, and related hardware.

+ Knowledge of cyber defense andvulnerability assessment tools and their capabilities. (e.g., ACAS, SCAP)

+ Knowledge of encryption algorithms(e.g., FIPS 140-2)

+ Knowledge of business continuity anddisaster recovery continuity of operations plans.

+ Knowledge of vulnerability informationdissemination sources (e.g., alerts, advisories, errata, and bulletins, DISAIAVM's).

+ Knowledge of Risk Management Framework(RMF) requirements.

+ Knowledge of IT security principles andmethods (e.g., firewalls, demilitarized zones, encryption).

+ Knowledge of new and emerging IT andcybersecurity technologies.

+ Knowledge of system and applicationsecurity threats and vulnerabilities (e.g., buffer overflow, mobile code,cross-site scripting, Procedural Language/Structured Query Language [PL/SQL]and injections, race conditions, covert channel, replay, return-orientedattacks, malicious code).

+ Knowledge of network securityarchitecture concepts including topology, protocols, components, and principles(e.g., application of defense-in-depth).

+ Knowledge of incident response andhandling methodologies.

+ Knowledge of intrusion detectionmethodologies and techniques for detecting host and network-based intrusions.

+ Knowledge of key concepts in securitymanagement (e.g., Release Management, Patch Management).

+ Knowledge of cyber defense andinformation security policies, procedures, and regulations (e.g., RMF).

+ Knowledge of different classes ofattacks (e.g., passive, active, insider, close-in, distribution attacks).

+ Knowledge of cyber attackers (e.g.,script kiddies, insider threat, non-nation state sponsored, and nationsponsored).

+ Knowledge of system administration,network, and operating system hardening techniques. (e.g., DISA STIGs)

+ Knowledge of cyber attack stages (e.g.,reconnaissance, scanning, enumeration, gaining access, escalation ofprivileges, maintaining access, network exploitation, covering tracks).

+ Knowledge of packet-level analysis usingappropriate tools (e.g., Wireshark,tcpdump).

+ Knowledge of Intrusion Detection System(IDS)/Intrusion Prevention System (IPS) tools and applications.

+ Knowledge of network protocols such asTCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directoryservices

### Skills

+ Skill in conducting vulnerability scansand recognizing vulnerabilities in security systems.

+ Skill in applying confidentiality,integrity, and availability principles.

+ Skill in discerning the protection needs(i.e., security controls) of information systems and networks.

+ Skill in using virtual machines. (e.g.,Microsoft Hyper-V, VMWare vSphere, CitrixXenDesktop/Server,Amazon Elastic Compute Cloud, etc.).

+ Skill in applying security controls.

+ Skill in reviewing logs to identifyevidence of past intrusions.

+ Skill in conducting reviews of systems.

+ Skill in assessing security controlsbased on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53,NIST SP 800-171, Cybersecurity Framework, etc.).

+ Skill in performing impact/riskassessments.

+ Skill in using security event correlationtools.

+ Skill in performing root cause analysis.

+ Skill in interpreting vulnerabilityscanner results to identify vulnerabilities.

+ Skill in using incident handlingmethodologies.

+ Skill in recognizing vulnerabilities insecurity systems. (e.g., vulnerability and compliance scanning)

### Abilities

+ Ability to identify systemic securityissues based on the analysis of vulnerability and configuration data.

+ Ability to apply techniques fordetecting host and network-based intrusions using intrusion detectiontechnologies.

+ Ability to answer questions in a clearand concise manner.

+ Ability to ask clarifying questions.

+ Ability to function effectively in adynamic, fast-paced environment

### PreferredQualifications

+ Experience with Risk Management Framework (RMF),NIST SP 800-53, NIST SP 800-171, Security Technical Implementation Guides(STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker(SCC). Knowledge of Information Assurance Vulnerability Alerts (IAVAs).

**Job** Cyber Security

**Primary Location** United States-Virginia-McLean

**Other Locations** United States-Massachusetts-Bedford

**This requisition requires a clearance of** Top Secret

**Travel** Yes, 10 % of the Time

**Job Posting** Sep 4, 2019, 7:46:05 PM

**Req ID:** 00054151

MITRE is proud to be an equal opportunity employer. MITRE recruits, employs, trains, compensates, and promotes regardless of age, color, race, disability, marital status, national and ethnic origin, political affiliation, religion, sexual orientation, gender identity, veteran status, family medical or genetic information, and other protected status.
Associated topics: alarm, casino, guard, loss control, loss prevention, monitor, patrol, protect, protection, public safety officer

* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.

Launch your career - Upload your resume now!

Upload your resume

Loading some great jobs for you...