As an Information Systems Security Officer with MTSI you will be responsible for ensuring the confidentiality, integrity, and availability of information systems. This role involves developing, implementing, and maintaining security policies, procedures, and controls to protect sensitive data and systems from unauthorized access, use, disclosure, disruption, modification, or destruction. You will work closely with IT staff, management, and other stakeholders to identify and mitigate security risks, respond to security incidents, and maintain compliance with relevant regulations and standards.

You will also perform as a System Administrator on systems where you do not act as ISSO. You will be responsible for the upkeep, configuration, and reliable operation of computer systems, servers, and networks to ensure they function efficiently, securely, and meet organizational needs. Core duties involve daily maintenance, software and

hardware updates, network monitoring, troubleshooting technical issues, and managing user access and security measures.

This position will be located at Wright-Patterson AFB.

ROLE AND RESPONSIBILITIES*

Duties to be independently executed include but are not limited to:

-Develop, implement, and maintain comprehensive security policies, standards, and procedures, ensuring alignment with organizational objectives, adherence to regulatory mandates (e.g., NIST, HIPAA, PCI DSS, GDPR), and incorporation of industry best practices; regularly review and update documentation for accuracy and relevance; and effectively communicate these policies to all stakeholders.

-Conduct routine risk assessments to identify vulnerabilities and potential threats to information systems; develop and implement tailored risk mitigation strategies and plans; and continuously monitor and report on the effectiveness of risk management controls.

-Continuously monitor security logs and alerts for suspicious activities indicative of potential security incidents; promptly investigate and respond to security incidents in a timely and effective manner, adhering to established protocols.

-Meticulously document all security incidents and their resolutions, capturing key details for future reference and analysis; actively participate in incident response exercises and simulations to enhance preparedness and refine response strategies.

-Conduct regular security audits and assessments to ensure strict compliance with both internal security policies and external regulatory requirements; diligently identify and address any security vulnerabilities and weaknesses uncovered during audits.

-Evaluate and recommend cutting-edge security technologies and solutions to enhance the organization's security posture; oversee the seamless implementation and ongoing maintenance of critical security tools, such as firewalls, intrusion detection/prevention systems (IDS/IPS), anti-malware software, and data loss prevention (DLP) systems.

-Implement and manage granular user access controls and permissions, adhering to the principle of least privilege to minimize the risk of unauthorized access to sensitive data and critical systems.

-Maintain accurate and up-to-date security documentation, including policies, procedures, and incident reports; prepare and present comprehensive security reports to management and other stakeholders, highlighting key findings, trends, and recommendations for continuous improvement of the organization's security posture; stay informed on the latest security threats, vulnerabilities, and technologies.

System Administrator:

-Perform network system administration: Administer and maintain assigned multiple systems and act as the POC for networks

-Define IT issues and work to resolve through coordination with appropriate organizations/personnel

-Identify system problems of an unusual or complex nature and develop corrective action

-Continually survey system operation to identify and anticipate potential problems which could lead to loss or serious interruption or compromise of system availability

-Troubleshoot and analyze unusual or complex hardware and software malfunctions to resolve physical and logical processing problems and recommends acquisition of equipment, software and/or hardware which will resolve operational problems

-Analyze and diagnose system failures to isolate source of problems. Support testing, troubleshoot, and correct complex or unusual problems involving interface and interoperability of system components such as hardware, systems software, and applications programs

-Maintain inventory control records for all IT equipment, to include current and future inventory; this includes new software and networks

-Oversee the installation and configuration of applications software and the establishment of user environments

-Manage installation of system patches and enhancements/updates and ensure system integrity is not compromised

Ensure maintenance and upgrade procedures are established in such a way as to minimize disruption to normal business functions of organization within the installation. This includes ensuring scheduled backups and the application of upgrades or system patches will have minimum impact

-Provide proactive consultation and instruction with system users to ensure seamless implementation of changes

QUALIFICATIONS AND EDUCATION REQUIREMENTS*

Security+ Certification

Bachelor’s degree in Computer Science, Information Systems, or other related field.

1+ years’ experience in information security, with a focus on security policy development, risk management, and incident response.

· Experience with security frameworks such as NIST, ISO 27001, or CIS Controls.

· Strong understanding of information security principles and practices.

· Technical writing skills for developing security policies, procedures, and reports.

· Ability to understand technical documentation and vendor information.

1+ years’ experience providing technical support, resolving hardware, software, and network issues, and using ticketing systems and communication tools to assist users

#LI-BG1