L3Harris Spec, Cyber Intelligence in Rochester, New York
Job Title: Information System Security Officer (ISSO)
Job Code: SAS20230803-98155
Job Location: Rochester, NY
Job Description: Implements the day-to-day information system security program for the assigned secure areas, classified information systems and classified programs under the guidance of the Information System Security Manager (ISSM). Works directly with the Contractor Program Security Officer (CPSO), Program Managers and program personnel to ensure customer regulations, laws and policy are followed (i.e. NISPOM, JSIG, and/or ICD-503). Implements, tests, documents and continuously monitors applicable system security controls with the goal to ensure all systems are authorized to operate. As an on-site security professional, the ISSO’s responsibilities include management and execution of all classified information system security for the facility to include asset management, inspection for prohibited technology, system auditing, user accounts (help desk support), user security support, vulnerability management, vulnerability scanning, document control (sanitization/degaussing/destruction), and system access control.
Exhibits the dedication and expectation of excellence required of a seasoned security professional while working and making decisions independently without direct supervision. The ISSO works as a team player, exhibits flexibility, sets priorities, and manages customer expectations. The ISSO interacts with internal and external customers or Government security officials in performance of security duties. The incumbent is responsible for supporting and enacting all L3Harris corporate policies including the protection of L3Harris’ intellectual property.
Authoring and maintaining bodies of evidence (BOE) for assessment & authorization (A&A) of assigned systems in accordance with the Risk Management Framework (RMF)
Perform security control assessments as part of the systems’ initial standup and then executing the continuous monitoring plan
Overseeing and enforcing the configuration management of assigned systems
Work with IT organization to develop device and system hardening guides following DISA, JSIG and NIST guidelines
Analyze and review vulnerability scan data using tools such as Nessus
Provide vulnerability remediation actions to IT Admins and track vulnerabilities remediation timelines
Audit systems to ensure security posture is maintained in accordance with applicable guidelines. This will be completed through the use of SIEM tools such as Splunk
Conduct periodic hardware/software inventory assessments
Identify ineffective system security controls and work towards establishing a timeline to remediation or risk acceptance.
Conducts, documents and reports annual self-assessments
Assist ISSM with investigation of security incident
Author and deliver security education training to range of audience levels
Manage and provide media release and transfer between systems of different classifications
Manage a help desk queue for user accounts and security support
Responsible for ensuring the formulation, establishment and execution of security policy, procedures and protocols pertinent to the facility consistent with National Industrial Security Program, Joint Special Access Program Implementation Guide (JSIG) or Intelligence Community Directives (ICDs) requirements
Determine customer security requirements and ensure requisite security access requests with applicable government agencies
Responsible for effective communications regarding security by interfacing with with external customers (Government, Associate Contractors, Subcontractors, former employees) and teams internal to the L3Harris organization
Foster teamwork and collaborative efforts among security group members to ensure timely completion of group project tasks and responsibilities.
Bachelor’s Degree and minimum 4 years of prior relevant experience. Graduate Degree and a minimum of 2 years of prior related experience.
An active security clearance is required, TS with SCI Eligibility
DoD 8570 IAT Level II Certification (Security+ CE)
2+ years' experience with the DoD JSIG and/or ICD 503
Preferred Additional Skills:
4+ years’ experience as an ISSO supporting or managing cybersecurity on classified systems
Experience developing, managing, providing evidence to close POA&Ms associated with the A&A and project management processes
Experience with building and maintenance networking equipment (Router, Switch, Firewall)
Experience with Microsoft and Linux based operating systems
Experience reviewing logs on workstation, server, firewall, & IPS/IDS
Experience with DISA STIGs and SCAP Compliance Checker
Experience interpreting vulnerability scanning results (Nessus, ACAS, etc.)
Experience with ServiceNow CRM
Experience with DAAPM, JSIG and ICD 503 based authorization and accreditations
L3Harris Technologies is proud to be an Affirmative Action/Equal Opportunity Employer. L3Harris is committed to treating all employees and applicants for employment with respect and dignity and maintaining a workplace that is free from unlawful discrimination. All applicants will be considered for employment without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender (including pregnancy, childbirth, breastfeeding or other related medical conditions), gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, characteristic or membership in any other group protected by federal, state or local laws. L3Harris maintains a drug-free workplace and performs pre-employment substance abuse testing and background checks, where permitted by law.
- L3Harris Jobs