The ISSM serves as the principal advisor on all matters, technical and otherwise, involving the security of the Information Systems for FLARE.  All duties and responsibilities are defined in the NISPOM and DAAPM.  The ISSM will be affiliated with the UF Information Security Office (ISO) and solely dedicated to FLARE.  As such, the ISSM will perform these functions in coordination and collaboration with the UF ISO utilizing existing UF policies, standards, guidelines, processes, and technologies.

Administrative: 
The ISSM is primarily responsible for maintaining the overall security posture of the systems within FLARE and is accountable for the implementation of the UF Risk Management Framework (RMF).  This includes all documentation responsibilities including producing/developing security documentation (e.g., SSP, POA&M, reporting, process, and procedures, and supporting artifacts, etc.).  This position also ensures that the user community understands and adheres to necessary processes and procedures to maintain security through a robust training and awareness program.

Security Engineering: 
Ensuring the fulfillment of the Information Owner, IO, data requirements (e.g., storage, processing, AFT, incident response, collection, dissemination, and disposal).  Performing cybersecurity (monitor, audit, analyze) enterprise information systems support for events to include unauthorized access, insider threat, hacking or penetration attempts from known threats, identifying presence of unauthorized software or malicious code on both classified and unclassified networks and reporting them as necessary.  Implementing security controls that protect the Information Systems, IS, during development, testing and production stages.  Implementing and maintaining the IS in accordance with the agreed-upon security controls documented in the SSP.  Taking necessary actions to proactively address issues and guide support personnel to preclude system failures or disruptions; identifying and addressing vulnerable computers that may be used in exploitation, data infiltration, and data compromise.

Operations: 
Developing incident management, change management and the Continuity of Operations Plan (COOP).  Ensuring review of weekly bulletins and advisories that impact security of site information systems to include AFNOSC-NSD, ACERT, NAVCIRT, IAVA, and DISA ASSIST bulletins.  Ensuring that periodic testing is conducted to evaluate the security posture of the ISs by employing various intrusion/attack detections and monitoring tools.  Manage COMSEC Support, Emission Security and eMASS, ITIPS or Xacta and manage UL-2050 standards for closed rooms. Collaborate with UF Research Integrity, Research Computing, UFIT, FLARE Security (AFSO and ASMs) and Director if/as necessary in order to maintain the overall security posture of operations.

Other:  May be required to perform other duties as assigned by supervisor, as needed.

KNOWLEDGE:

• Requires intermediate level knowledge of client/server, network topology, network/infrastructure security, network operating systems, and web technologies.
• Understanding of Risk Management frameworks as described in NIST SP 800-37.
• Knowledge of security and privacy requirements such as FISMA Security Requirements and their effects on delivering software to Federal Agencies.
• Familiarity with multi-platform environments and their operational/security considerations.
• Working Knowledge of Operating Systems such as: Linux, Windows, UNIX.
• Working knowledge of LDAP, Active Directory and other Identity Providers.
• Understanding of middleware and web servers such as Apache and IIS, JBoss.

SKILLS:

• Requires intermediate level problem solving skills as well as teamwork and communication skills including speaking and writing skills.
• Communication skills and knowledge of industry trends.

EXPERIENCE:

• Minimum of 7 years of combined IT and security experience with a broad range of exposure to data, networks, systems, and web monitoring tools, techniques, and threats.
• Preference is for candidates with a background in systems administration.
• Candidates must have experience implementing and supporting infrastructures that meet and adhere to the controls defined in the DoD Intelligence Information System (DoDIIS) – Joint Security Implementation Guide (DJSIG) and the DoD Joint Special Access Program Implementation Guide (JSIG). Successful experience implementing and supporting the Risk Management Framework (RMF) as defined in the above directives is required.
• Candidates require experience implementing and supporting Defense Information System Agency (DISA) Secure Technical Implementation Guides (STIG) for Red Hat Linux and Microsoft Windows Server Operating Systems.
• Experience with the use of NIST SP 800-53r4 for SSP documentation.
• Experience in application development lifecycles.
• Experience engaging with large engineering, development, and operations teams.
• Understanding and experience with vulnerability scanners including static, dynamic, and Host, OS and Database scanners such as Nessus.

OTHER PREFERRED QUALIFICATIONS:

• IAM Level III Certification (GSLC, CISM and/or CISSP).
• Prefer candidates with an institutional knowledge of the University of Florida’s IT environment and information systems.
• Must be flexible in work style and able to work in open workspace environment.
• An active DOD Secret Security Clearance.  DoD 8570 Compliance.