Analogic

Information Systems Security Officer

Job Locations: US-MA-Peabody
Posted Date: 5 months ago (12/16/2019 9:53 AM)
ID: 2019-1872
# of Openings: 1
Category: Engineering
Type: Regular Full-Time

Overview

Founded in 1967, Analogic Corporation has become the leading provider of advanced security screening technology for the aviation industry.  Our high-speed Computed Tomography (CT) Explosive Detection Systems meet the highest standards for automated threat detection and play a key role in keeping the flying public safe.  We have an engineering culture of excellence, with over 200 patents assigned in the last years alone. 

Our team is now developing the next generation of security screening solutions for airports worldwide – solutions that will incorporate the latest advances in machine learning, 3D imaging and open network architectures, and have the potential to dramatically improve aviation security and passenger travel experience.  

To help lead this effort, Analogic is looking for a highly motivated and skilled Information Systems Security Officer (ISSO) to be part of a team designing industry-leading technology for airport security.

Responsibilities

The ISSO will serve as the principal advisor to engineering for the information system on all matters (technical and otherwise) involving the security of the information system. Information system security requirements will be provided by our customer, which is currently the DHS/TSA but could be other government agencies, both domestic and international, in the future. The ISSO must have the detailed knowledge and expertise required to manage the security aspects of the information system and, in many cases, will be assigned responsibility for the day-to-day security operations of the system. This responsibility may also include, but is not limited to, physical security, incident handling, and security awareness and training. The ISSO will be called upon to assist in the development of the system security policy and to ensure compliance with the policy on a routine basis. In close coordination with the information system owner, the ISSO will play an active role in developing and updating the Security Plan as well as managing and controlling changes to the system and assessing the security impact of those changes. The ISSO also coordinates with external agencies and assists in the preparation of the Interconnection Security Agreement (ISA) to ensure all external connections meet protection requirements and are documented in the Security Plan, Risk Assessment, and security operating procedures.

 

  • The ISSO shall serve as the principal point of contact for all IT security aspects pertaining to the systems under their responsibility in support of the System Owner (SO).
  • The ISSO shall work closely with the SO and Information Assurance and Cybersecurity Division (IAD) staff to interpret and apply Information Assurance (IA) policies and implement procedures.
  • The ISSO shall serve as liaison between the SO and the Transportation Security Administration (TSA) Chief Information Security Officer (CISO).
  • The ISSO shall work with the SO to document weaknesses in Plans of Action and Milestones (POA&Ms) and initiate corrective action.
  • The ISSO shall employ automated tools as directed by IAD.
  • The ISSO shall compile an inventory of allocated information systems and provide a copy of the inventory to the TSA CISO on an annual basis or upon request.
  • The ISSO shall perform duties as required in the Department of Homeland Security (DHS) Performance Plan, as directed by IAD.
  • The ISSO shall develop IT security plans by using the security controls specified in the Computer Security Act of 1987, OMB Circular A-130, DHS regulations, NIST guidance, and other statutory and regulatory policies and guidance.
  • The ISSO shall conduct risk assessments that address vulnerabilities, threats, risk management, operational and technical security controls, and levels of risk acceptance.
  • The ISSO shall perform other ISSO-specific tasking as defined in the DHS "ISSO Guide to the DHS Information Security Program" and the specific TSA ISSO appointment letter.
  • The ISSO shall ensure the accountability, confidentiality, integrity, and availability of information, data, and source code.
  • The ISSO shall ensure the protection of information and the information systems that store, process, or transmit TSA information.
  • An ISSO shall ensure the implementation and maintenance of security controls in compliance with the Security Plan (SP) and DHS policy.
  • The ISSO shall be granted a clearance and access greater than or equal to the highest level of information contained on the system.
  • The ISSO shall ensure that timely responses are provided to Systems Change Control Board (SCCB) change request packages.
  • The ISSO shall serve as the POC for all security matters related to that system.
  • The ISSO shall ensure code developers adhere to US-CERT coding practices.
  • The ISSO shall also ensure the confidentiality, integrity, and availability (CIA) of all aspects of the information system including, but not limited to, data, information, and source code.
  • The ISSO shall participate in system assessments, including High Value Asset (HVA) system assessments (HVASAs). Additional information on HVAs and related overlays is available in OMB M-17-09.
  • The ISSO shall support systems undergoing assessments, including HVA systems.
  • The ISSO shall maintain inventory of privileged users and ensure annual training.
  • The ISSO, as with the SO, may designate a Technical Point of Contact (TPoC) in order to support system assessment.
  • The ISSO shall coordinate with the SA team for the creation of scanning privileged accounts in the target system in order to facilitate a system assessment.
  • The ISSO shall ensure system audit logs are reviewed monthly and issues are appropriately remediated, and shall verify that audit logs are capturing the necessary information for the system.

Qualifications

  • BS or MS degree in Cybersecurity, Computer Science or other related fields
  • CISSP or other industry standard Cyber Security certification
  • 5-10 years of experience in Cybersecurity with intimate knowledge of security frameworks, data and tools that identify and mitigate risk
  • Secret Security Clearance – US Citizenship is required
  • Cybersecurity experience in a Linux and Windows environment
  • Experience implementing technical controls and processes based on NIST and/or DHS/TSA guidelines.
  • Experience in performing risk assessments, creating system security plans, secure coding practices, and documentation
  • Experience in cybersecurity tools for product/device security
  • Experience working with a US government agency is a plus
  • Experience in Networking concepts and fundamentals is a plus
  • Passionate about security in an ever-changing landscape with the ability to keep up with threats and cyber hacker trends
  • Experience with penetration testing (black box, white box, gray box) is a plus
  • Knowledge of FDA guidance and EU standards on cybersecurity is a plus
