COMSEC Lead / Information System Security Officer (ISSO)

The position requires a broad knowledge of all facets of the security organization, work with minimal supervision, and the ability to coordinate with other ISSOs, alternate COMSEC custodians, systems administrators, and project personnel.

The Communications Security (COMSEC) Custodian is responsible for the receipt, custody, issue, safeguard and accounting of COMSEC keying material and Controlled Cryptographic Items (CCI) in accordance with NSA Manual 3-16.

The ISSO provides support for a system or enclave’s information assurance program. Provides support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies. Maintains operational security posture for an information system to ensure information systems security policies, standards, and procedures are established and followed. Assists with the management of security aspects of the information system and performs day-to-day security operations of the system. Evaluate security solutions to ensure they meet security requirements for processing classified information. Performs vulnerability/risk assessment analysis to support Assessment & Authorization (A&A) (Formally Certification and Accreditation (C&A)). Provides configuration management (CM) for information system security software, hardware, and firmware. Manages changes to system and assesses the security impact of those changes. Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM). Supports security authorization activities in compliance with Risk Management Framework (RMF).

This position also requires strong customer service and communication skills in order effectively interact with the MITRE technical staff and sponsor security representatives.

Why Should I Consider MITRE?

Working at MITRE

Key Functions

The COMSEC Custodian will be responsible for performing all duties and responsibilities associated with managing the COMSEC account in accordance with NSA/CSS Policy Manual 3-16.

COMSEC Duties will include:

1) Managing the receipt, custody, utilization and disposal of all COMSEC material and equipment utilizing the DIAS system.

2) Performing semi-annual and annual inventory as required by the user agency.

3) Controlling the Loading of classified keys via electronic transmission on secure communications using simple key loader equipment.

4) Writing security policies, procedures, & training as needed

5) Coordinating transfers and shipments of Controlled Cryptographic Items (CCI)

6) Conducting COMSEC & Cryptographic briefings

7) Reporting any known or suspected COMSEC incidents

ISSO Duties will include:

1) Apply full range of Information Assurance (IA) policies, principals and techniques to maintain security integrity of information systems processing classified information.

2) Provide support to the Information Assurance Department for maintaining the appropriate operational IA posture for a system, program, or enclave.

3) Enforce information systems security policies, standards, and methodologies.

4) Assist in the evaluation of security solutions to ensure they meet security requirements for processing classified information.

5) Assist with preparation and maintenance of documentation.

6) Maintain records on workstations, servers, routers, firewalls, intelligent hubs, network switches, etc. to include system upgrades.

7) Evaluate security solutions to ensure they meet security requirements for processing classified information.

8) Propose, coordinate, implement, and enforce information systems security policies, standards, and methodologies.

9) Maintain operational security posture for an information system or program.

10) Develop and maintain documentation for A&A in accordance with applicable policies, procedures, and operating instructions.

11) Develop and update the system security plan and other IA documentation.

12) Provide CM for security-relevant information system software, hardware, and firmware.

13) Ensure proper implementation of virus protection and patching program.

14) Assist with the management of security aspects of the information system and perform day-to-day security operations of the system.

15) Plan and coordinate the IT security programs and policies.

16) Manage and control changes to the system and assessing the security impact of those changes.

17) Obtain Approval to Operate (ATO) for systems under their purview.

18) Provide support for a program, organization, system, or enclave’s information assurance program.

Location

MA: Bedford Campus

Required Skills:

– Successful completion of the COMSEC Custodian Training Course (IAEC-2112)

– In accordance with DoD 8570.01M, the selected individual must meet the requirements of an IAT Level II as a condition of employment.

Preferred Qualifications

– Experience using Distributed INFOSEC Accounting System (DIAS) to account for COMSEC material.

– Familiarity with Simple Key Loader (SKL) devices; and various secure telecommunication devices

– Candidates with active Top Secret clearance and SCI eligibility desired.

– Working knowledge of various operating systems (i.e. UNIX, Solaris, and Linux, Sun, Apple, Windows).

– Extensive experience with RMF, CNSSI 1253, NIST SP 800-53, and NISPOM.

– Experience with Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker (SCC).

– Knowledge of Information Assurance Vulnerability Alerts (IAVAs).

– Familiarity with NISPOM Chapter 8

– Technical experience and skills in securing multiple operating systems such as Windows Server 2012, Windows 10

– Demonstrated capabilities in presenting ideas written and orally within a cross-functional environment required

– Operational understanding of current networking technologies, security products and tools.

– Information systems secure processing experience (preferably in a Department of Defense (DoD) environment or government security agency) with an emphasis on computer security and risk management.

– Requires a person who is well organized with effective time management skills, above average verbal communication skills, good human relation skills, team player and a highly developed professional image.

– Excellent written communication skills are required for correspondence, reports and briefings.

– Proven ability to work independently as well as working with others in a collaborative environment.

– Ability to multi-task and effectively manage a heavy work load.

Minimum Education/ Experience

BS and 3 years related experience.

Travel Statement

*This position will require overnight travel up to 10 % of the time as well as some local travel.

Clearance

SCI

Clearance Statement

To be eligible for consideration for this position, a current Top Secret/SCI clearance is required. Only US citizens are eligible for a security clearance. For this position, MITRE will consider only applicants with TS/SCI security clearances.

Relocation Assistance Provided

No

Career Level

Experienced

Professional Area

Information Technology

Req ID

28703BR