Work with the VA customer to discover and mitigate cybersecurity risks, understand and apply policies to address requests for information on cyber best practices, conduct modified risk assessments, and provide information system security expertise to ensure the appropriate operational security posture is maintained for research information systems and research study protocols. Analyze new policies or addenda to existing research policies that apply minimal appropriate security mitigations in support of research mission objectives. Conduct information security reviews on VA sponsored and industry sponsored clinical trials. Analyze security reports, standard operating procedures, and other security policy artifacts and conduct training on research related cyber practices. Work with your client to ensure information security reviews are conducted in accordance with VA Research guidance and directives to help the client ensure that research information systems, applications, research scientific computing devices, and software used in research meet VA and NIST standards. Work with the VA research community and facility ISSOs to ensure clinical studies and trials are protecting veterans' sensitive data.

Support or lead a team of System Security Engineers and Certification and Accreditation Analysts responsible for ensuring the customer’s national and international security interests are protected as acquisition systems are designed and testedChair and or Co-Chair customer and SAP community IA working groups, participate in SSE IPT reviewsPerform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration with existing SAP network infrastructures Provides expert level consultation and technical services on all aspects of Information Security Review SSE related designs and provides security compliance recommendationsDevelop and provide IA risk management recommendations to the customer Provide SSE support for Mission and Training systems design and developmentAssist with development and maintenance of the Program Protection Plan & Cybersecurity Strategy Assist with site activation activities and design reviewsRepresent the Government Program Manager in various SSE related working groups, advisory groups, and advisory council meetings

Develop IT architecture deliverables, specific to information security countermeasure implementations, for operational systems and systems under development. Develop IT security policies, standards, and guidance. Conduct assessments of existing IT architecture for compliance with security requirements from applicable security frameworks (such as JFAN 6/3, NIST 800-53, ICD 503 practitioners hand guide, etc.). Create documentation to support information system authorization/accreditation packages. Provide continuous monitoring support for information systems.

Establish information system boundaries and assess the severity of weaknesses and deficiencies in an information system, POA&Ms, risk mitigation approaches, security alerts and potential adverse effects of identified vulnerabilities. ISSO assumes responsibility for maintaining the security posture of the information system on a day-to-day basis. Ensure all available resources that provide warnings of system vulnerabilities or ongoing attacks are monitored. Maintain a repository of all security authorizations for ISs under their purview. Coordinate IS security inspections, tests and reviews. Ensure proper measures are taken when an IS incident or vulnerability is discovered. Ensure data stewardship and responsibilities at established for each IS, and specific requirements (to include accountability, access and special handling requirements) are enforced. Ensure development and implementation of an effective IS security education, training and awareness program. Ensure CM policies and procedures for authorizing the use of hardware/software on an IS are followed, and that any additions, changes or modifications to hardware, software or firmware are coordinated with the ISSM and appropriate AO prior to the addition, change or modification.Maintain a working knowledge of system functions, security policies, technical security safeguards and operational security measures. Ensure all security-related vulnerabilities are documented in the SAR/POA&M and/or the RAR and ensure serious or unresolved violations are reported to the AO/DAO. Assessing changes to the system, its environment and operational needs that could affect the security authorizations; and working collaboratively with the ISO and ISSE on the risk assessment process.

Mapping an authenticated identity to a network or information system account or granting or denying access to information based on the authorizations associated with an account or role. Disabling, suspending, or removing accounts when access is no longer authorized. Terminating access to the related application account(s) when a role changes or is terminated. Accomplished this through rules or through documented standard operating procedures. Reviewed and approved system authorization access request (SAAR) for EC-ESC admin and user accounts for entire east coast (46 sites, 515 people). Ensured appropriate justification, type of access required, and appropriate supervisor approval. Also coordinated with security office to ensure appropriate clearance, ensured information owner verified and signed, and provided signed copy to account creation personnel. Operates Assured Compliance Assessment Solution (ACAS) to remediate network and cyber vulnerabilities in accordancewith Department of Defense intelligence community policies for $100 million network. Adeptly and accurately maintained accountability for over 76,000 pieces of media ensuring security of classified material. Supported the coordination, implementation and administration for the deployment, utilization, and modification of the Host Based Security System (HBSS).

Administers the full range of cyber surety disciplines to include COMSEC, COMPUSEC, EMSEC, Network Certification and Accreditation, Information Assurance Assessment and Telecommunications Monitoring and Assessment Programs. Provides accreditation guidance and advice to Designated Approving Authorities on classified or unclassified networks along with stand alone systems. Interprets IA directives, policies, and procedures. Provides program guidance to users through training programs and staff assistance visits. Enforces IA compliance through inspection programs. Reviews network configuration change proposals for compliance to information system and network security directives, and local policies. Develops and enforces Internet use policy.

Oversees, plans, implements, manages, and supports the COMSEC aspects of programs, including centralized record maintenance of COMSEC equipment, components, and material. Responsibility for supporting the receipt, custody, issue, safeguarding, accounting for, and, when necessary, the destruction or COMSEC material. Performing Field Tamper Recovery (FTR), upgrading cryptographic device firmware, and ensuring the interoperability of firmware versions between enterprise encryptors. Knowledge of the General Dynamics TACLANE line of In-Line Network Encryptors (INE), to include the KG-175A, KG-175D and KG-175G. Reading and interpreting complex network drawings and documentation as they relate to cryptographic requirements. Performing hands-on installation, maintenance, configuration and troubleshooting of COMSEC equipment, as required. Programming and operating approved key fill devices, including KIK-20 and KIK-30 and AN/CYZ-10. Performing Over-The-Air-Transfer (OTAT) of key material to remote sites using the General Dynamics Sectera vIPer and the L-3 Secure Terminal Equipment (STE). Carry out and administer a cryptographic access program within their respective organizations. This program shall include cryptographic access briefings and execution of cryptographic access certificates.

Perform the duties and responsibilities of Emission Security (EMSEC) Manager. Trained on program management, equipment and facility zoning, the EMSEC problem, specific countermeasures, conduction assessment and countermeasures reviews, the protected distribution system (PDS), the EMSEC classification guide and maintenance and testing. Ensure the protection resulting from all measures taken to deny unauthorized persons information of value that might be derived from communications systems and cryptographic equipment intercepts and the interception and analysis of compromising emanations from cryptographic—equipment, information systems, and telecommunications systems. Perform Emissions Security (EMSEC/TEMPEST) assessments/reassessments for new and existing classified processing areas. Create diagrams, floor plans, complete Air Force Form 4170s (EMSEC/TEMPEST assessment document), and send to the Air Force Certified Tempest Technical Authority (CTTA) for validation. Perform EMSEC/TEMPEST inspections to ensure all required emission security countermeasures are implemented. Track EMSEC/TEMPEST assessments, inspections, inspection reports, EMSEC/TEMPEST certifications, and maintain the EMSEC/TEMPEST documentation. Responsible for conducting assessments and implementing prescribed responsibilities, policies, procedures, and guidance as described in Air Force Policy Directives.

Perform the protection resulting from all measures taken to deny unauthorized persons information of value that might be derived from communications systems and cryptographic equipment intercepts and the interception and analysis of compromising emanations from cryptographic—equipment, information systems, and telecommunications systems. Perform Emissions Security (EMSEC/TEMPEST) assessments/reassessments for new and existing classified processing areas. Create diagrams, floor plans, complete Air Force Form 4170s (EMSEC/TEMPEST assessment document), and send to the Air Force Certified Tempest Technical Authority (CTTA). Perform EMSEC/TEMPEST inspections to ensure all required emission security countermeasures are implemented, and performed inspections of protected distribution system (PDS). Track EMSEC/TEMPEST assessments, inspections, inspection reports, EMSEC/TEMPEST certifications, and maintain the EMSEC/TEMPEST documentation. Responsible for conducting assessments and implementing prescribed responsibilities, policies, procedures, and guidance as described in Air Force Policy Directives.