Information System Security Officer (ISSO)

  • SAIC, Inc
  • United States
  • May 07, 2021

Job Description


SAIC is seeking an Information System Security Officer (ISSO) to support the US Air Force Agency for Modeling and Simulation (AFAMS) program in Kyonggi-do, Korea.

AFAMS is the premier agency responsible for implementation, integration, and development of Modeling and Simulation (M&S) and training and analysis standards that support the US Air Force (USAF), Department of Defense (DoD), and mission partners requiring these capabilities to support the Warfighter in full-spectrum operations. As the lead agent for M&S within the USAF, AFAMS gathers requirements, seeks out potential solutions, and integrates legacy and emerging M&S solutions across the USAF and the DoD. The USAF has an M&S initiative that focuses on providing simulation and synthetic training as the critical capability to augment live training, act as an enabler for critical decision-making, and enhance human performance. In the current resource constrained environment, demand for M&S rises with the continuously evolving need for operational readiness and mission preparedness across the USAF, DoD, and with coalition partners. AFAMS focuses on providing innovative M&S services as the key to meeting this demand.

SAIC is seeking to hire an Information System Security Officer (ISSO) to maintain security protection of the Pacific Air Simulation Center IT Enterprise including all dataThe ISSO will:


  • Serve as the POC for IT infrastructure security and related issues.
  • Conduct and maintain active security vulnerability assessments, implementations, and monitoring of all computer systems and network infrastructure.
  • Maintain the PASC firewalls IAW local security policies.
  • The contractor is responsible for the following requirements:
    • Provide guidance and subject matter expertise of DoD and AF policies, instructions related to the C&A processes, AF SISSU activities, and DoD eMASS web-based tool used to implement the DIACAP, the AFCAP, and DoD’s RMF.
    • Provide security engineering to implement security controls and to ensure the controls do not degrade performance and availability requirements needed to execute and sustain M&S exercises/events.
    • Provide M&S cybersecurity services:
      • Collaborate with Cybersecurity POCs to address C&A.
      • Conduct technical exchange meetings.
      • Review system architecture in support of DIACAP and/or RMF as well as respective C&A documentation.
      • Document problem areas and provide recommendations for a resolution.
      • Conduct site visit follow-up on issues and resolutions.
      • Document recommendations for process improvements.
    • Review system documents for accuracy and test system security features.
    • Conduct facility visits to observe the actual processes related to each IA control (technical, personnel, operational, or management in nature).
    • Utilize tools such as Retina and Nessus scanners, DISA SRR and Gold Disks, and database and web server security test tools.
    • Validate IA control implementation in M&S.
    • Perform base assessment primarily on the validation procedures of the DIACAP or RMF Knowledge Service and DISA STIGs.
    • Participate in meetings with system IASOs, program managers, IA managers, and C&A authorities and their representatives; present overviews of issues and recommendations during these meetings.



  • Bachelor's and two (2) or Master's and (0) years of related experience.
  • Training Requirements: Maintain appropriate cybersecurity certifications in accordance with AFMAN 17-1303, Cybersecurity Workforce Improvement Program, and DoD 8570, Information Assurance Workforce Improvement Program. Contractor personnel performing IAT requirements are required to have at a minimum an IAT Level II certification.

Desired Experience/Qualifications:

  • Knowledge of LINUX; Oracle Database Administration, SQL query; LINUX scripting languages; system/database monitoring; and multi-server troubleshooting·  Experience in  networking in a TCP/IP-based, intranet-like, distributed client environment is recommended
  • Experience with systems hosted in VMware vSphere virtualized environments.
  • Experience managing Palo Alto Next-Generation firewall