Information Systems Security Officer

Information Systems Security Officer

In this role as an Information Systems Security Officer you will develop, maintain, and implement information security standards, procedures, and guidelines for systems and applications in accordance with corporate and DoD/IC governance. In addition, you will ensure that systems and organizational asset security posture prevents unauthorized access/disclosure, and monitor system CIA, assist in threat identification, and support DRP/IRP operations.

What You'll Be Doing:

• Meeting IA and cybersecurity requirements for the systems in accordance with relevant Intelligence Community Directives (ICDs), National Institute of Standards and Technology (NIST) Special Publications, and guidance provided by cognizant program Authorizing Official(s).
• Implementing and maintaining all aspects of cybersecurity engineering support in accordance with program-applicable federal, DoD, and agency-specific security initiatives. Supporting verification of system hardware cybersecurity compliance.
• Implementing relevant DoD accreditation/certification policies and procedures for DoD Information Technology (IT) during the program for delivered systems.
• Monitoring, evaluating, and applying cybersecurity alerts/notifications from authoritative sources to ensure relevant current data is being utilized to maintain a secure baseline.
• Maintaining hardware baselines and conditions that allow vulnerability scanning tools to maintain compliance with relevant security controls and policies, IA vulnerability alerts, and cybersecurity Security Technical Implementation Guides (STIGs).
• Guiding the application of the Risk Management Framework (RMF) process to system hardware instantiations on U.S. Government unclassified and classified systems and networks, as required.
• Supporting Hydra by providing information needed for input, assessment, and update of security controls into the appropriate management systems of record (e.g., Enterprise Mission Assurance Support Service (eMASS)).
• Assisting with the development of hardware Assessment and Authorization (A&A) documentation and security compliance packages needed to obtain various Authorities to Operate (ATOs) for specific networks and systems.
• Supporting the development of Program of Actions and Milestones (POAMs) associated with the ATO process.
• Supporting the development and maintenance of a program architecture and technology roadmap incorporating cybersecurity requirements to comply with the Department of Defense Architecture Framework (DoDAF).
• Performs assessments of systems and networks within the networking environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations (compliance audits) and active evaluations (vulnerability assessments).
• Establishes strict program control processes to ensure mitigation of risks and supports for obtaining certification and accreditation of systems. This includes process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research inspections, and periodic audits.
• Assists in the implementation of required government policy (e.g., NISPOM, JSIG, CNSSI, ISOI, DoDI, etc.), and makes recommendations on process tailoring.
• Supports the formal Security Test & Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
• Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed.
• Demonstrates advanced subject matter expertise in job family.
• Contributes to and may lead the planning and implementation of large programs in the function, and regularly interfaces with senior management and executive leadership.
• Assists system integration/deployment efforts by providing hands on support to ensure security solutions/control mitigations exist on systems under test as well as production networks.
• Work with engineering staff to investigate and field technical solutions and address vulnerability mitigation strategies.
• Performs other responsibilities associated with this position as may be appropriate.
• Support cyber and company leadership meeting objectives for ongoing projects in ALL areas of the RMF and risk assessment/mitigation/reporting process.
• Serves as the primary interface with corporate and mission partner(s) to increase overall security posture.

What Required Skills You'll Bring:

• Minimum of a BS in Cyber Operations/Computer Science or related field
• Minimum of 10 years of total work experience
• Minimum of 5 years of related experience with Risk Management Framework (RMF)
• An active IAT II / IAM I Level certification
• Intermediate/working knowledge of: Linux (ROCKY/RHEL/UBUNTU), Windows (Server, Workstation), VMWare (Other virtualization platforms), Networking devices (Cisco/Palo alto/Juniper)
• Expert knowledge of: Compliance/Vulnerability evaluation and assessment tools: SCAP/STIG Viewer, ACAS / OSCAP / OWASP; RMF systems experience: eMASS / Xacta / SCTM; AV/Malicious code detection tools: HBSS / Symantec (Other HIPS, HIDS, NIPS, NIDS tools); SIEM tools/LCE(s): SPLUNK, Cornerbowl, Tenable LCE, etc.; Software evaluation tools: SonarQube, Fortify, etc.
• Active Top Secret w/SCI eligibility and ability to obtain CI Polygraph.

What Desired Skills You'll Bring:

• Strong leadership skills
• Management experience
• Ability to work with minimal oversight
• An active CASP+ CECCNP Security+, CISA, CISSP, GCED, GCIH, CCSP or CISSP
• Experience with AWS and other cloud platforms
• Familiarity working with IC and DoD community partners and special programs

Security Clearance Requirement: An active Top Secret SCI security clearance is required for this position.