ISSO - Information Assurance Analyst

ISSO - Information System Security OfficerLocation: Ridgecrest, CASchedule: Full Time OVERVIEWCaribou Thunder is hiring an ISSO in Ridgecrest, CA. This meaningful work will support the mission of the Naval Air Warfare Center, Weapons Division and their complex network of computing and communications systems and software supporting a scientific user community that relies on available and stable access to timely information. This role will support consolidation for accreditation efforts across the command. SECURITY CLEARANCESecret clearanceMust be able to obtain TS/SCIEDUCATION and EXPERIENCEBachelor''s degree in Computer Science or other applicable field plus 5 years of experience in information systems security/information assurance, security engineeringOR 8 years of experience in lieu of a degree CNSSI 4012-4016 Certificate or NDU CISO certificate or Military Training NEC 2780 or 2779 or 2781 can also be substituted for educational requirementRESPONSIBILITIESPlan, implement, upgrade, and/or monitor security measures which make up the protection of corporate or government computer networks. Research, analyze, develop, and document information systems IAW government policies and standards. Provide guidance in matters of Security Controls selection, implementation, auditing and monitoring for area of responsibility. Collaborate with other ISSOs and Sr. Staff to achieve favorable A&A outcomes. Execution of the Information Assurance program as stipulated by various USG requirements documents including (but not limited to): NISPOM, JSIG, ICD 503, DAAPM, and associated NIST documents. Assessment and Authorization (A&A) of assigned systems (SSPs, CMP, RMP, CTP, etc.)Perform technical security controls assessments and baseline validations to identify vulnerabilities and control deficiencies as part of continuous monitoring formation assurance sustainment activities (hardware/software change management, account management, auditing, media protection, user interface, file transfers, etc.)System self-inspections, audit log reviews, secure baselines, and continuous monitoringInterfacing with internal and external customers, program managers, IT staff, etc.Prepare and conduct initial and annual general/privileged IA training and awarenessConduct various actions related to cyber incident response, investigation, and resolutionDevelopment, maintenance, and execution of effective, well-written, and customer compliant IA policies and procedures for various customer basesThis position will report directly to the CSI Systems Security Manager (ISSM) for IIS.QUALIFICATIONSIAT Level II Certification - CCNA, CSA+, GICSP, GSEC, Security+ CE, SSCPExperience developing System Security Plans (SSPs) and supporting Assessment & Authorization (A&A) documentationRisk Management Framework Experience.Experience with NIST 800-37 and 53 Risk Management Framework (RMF) concepts and procedures. Experience supporting various computer hardware platforms and multiple operating systems in both stand alone and LAN/WAN configurations.Working knowledge of operating systems security features and settings (Windows, Unix, Linux, and OS X).Ability to make sound decisions and implement all aspects of information systems security as it applies to NISPOM Chapter 8, JSIG, ICD 503, NIST SPs, and other government doctrine.Experience with various information system security assessment/hardening tools - SCAP Compliance Checker, STIG Viewer, Nessus, SECSCN, DISA SRR, Retina, etc.Experience maintaining HBSS, ePO and ACAS.Professional demeanor, good interpersonal skills, and ability to excel in a high-paced multi-tasked environmentDemonstrated ability to act independently, prioritize tasks, and manage to scheduleWillingness to perform security tasks outside specialty (e.g., program security) and be proficient in Microsoft Applications (Word, Excel, Power Point, Access, Visio, etc.)Strong written and oral communications skills, technical knowledge, exemplary customer service skills, strong time management skills, the ability to creatively find solutions to complex challenges, and the ability to multi-task and thrive in a fast-paced environment. Able to author and present subject specific presentations.Capable of performing independently. Must be willing and able to travel as required up to 10% of work schedulePREFERRED QUALIFICATIONSExperience with computer forensic tools and investigation methodologiesWorking knowledge of Wide-Area and Local Area Networks (WAN/LAN), to include Cisco-based routers, switches, and firewallsPrior ISSO/ISSM or alternate ISSO/ISSM experienceIn-depth knowledge of NIST special publications, CNSS policies and instructions Additional Certifications Desired - CISSP, CAP, GSLC, ENSA, CASP CE, CSSLP, CEH, CFR, CSA+, GCIA, GCIH, GICSP, SCYBER, CISA, CISA+, GSNA, CISM, CISSP-ISSMP, GCFAABOUT CARIBOU THUNDERCaribou Thunder, LLC is a Woman Owned, HUBZone Certified, Native American Owned, SBA and SDB Certified global engineering services company, incorporated in 2006. Caribou Thunder is a Global Service Provider supporting a wide variety of DoD, Space and Intelligence programs with consistent growth since inception to over 100 associates and $10M in annual sales with solid performance in 35 states across the U.S. and 22 countries around the world.Caribou Thunder, LLCis an established Defense contractor with nearly 20 years of experience delivering engineering services worldwide. We offer industry leading salaries, flexible work life balance, full range of benefits (career development and mentoring, PTO, medical, dental, vision, life insurance, disability insurance, and 401k match). Caribou Thunder, LLC offers meaningful career opportunities within a true team-based environment, where each and every employee matters, contributing to a higher goal supporting National Security programs. Caribou Thunder, LLC is committed to hiring and maintaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action-Employer, making decisions without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, marital status, national origin, age, veteran status, disability, or any other protected class. United States citizenship is a requirement for all positions.LC71001IND123

Created: 2025-10-04