Cyber Information Security Specialist (ISSM) Level 3

About The Position

Requirements

• At least 7 years of experience working as ISSM or ISSO in the Intelligence Community
• TS/SCI w/ Polygraph required at time of application
• Bachelor’s Degree in Information or Cyber Security, or equivalent work experience.

Nice To Haves

• CISSP, CISA, and CCSP certifications

Responsibilities

• Review and analyze systems architecture diagrams and networks.
• Assess security system needs and provide corrective actions into a coherent security strategy.
• Support Assessment and Authorization (A&A) requirements and process and apply ICD 503, NISPOM, and other federal guidelines in support of systems used at contractor facilities.
• Help in the creations of new processes to support Sponsor and partners to advance security and lower risk: Cyber Reset – binning and profile system initiative.
• Pilot and enhance Sponsor Front Office initiatives based on direct requests.
• Create custom documentations and step-by-step processes to streamline cyber risk reduction, security relevant changes, and help maintain the current understanding of Sponsor systems.
• Assist Sponsor systems owners and/or service providers throughout the risk management framework (RMF), including the assessment and authorization (A&A) processes.
• Provide advice to Sponsor system owners and/or service providers on the creation of required system documentation or body of evidence; review and provide recommendation for approval or disapproval, as appropriate.
• Assess security and privacy controls and data protection in sponsor information systems and environments of operation as part of the initial security assessment and during operational changes affecting information systems’ security posture.
• Assist the security control accessors (SCA), as appropriate, in performing security systems assessments and reviewing risk elements in the executive Risk System (ERS) report.
• Create plans of action & milestones (POA&Ms) and/or request risk acceptance through a security assessor (SA), who will certify the ERS report to the appropriate authorizing official (AO) or designated AO.
• Provide oversight and guidance to ensure compliance with Sponsor information security regulations and policies on processes and request, such as Data Transfer Request; Access Request; Service/Change Request; Purchase Request; Accountable Property Management; Waivers, including medical devices and introduction (use) of equipment /devices into SCIF; and Equipment Transport.
• Build relationships, to include Interagency, with system owners and stakeholders.
• Review and approve requests to include but not limited to Sponsor system access system, crypto, hardware orders, and Sponsor portal waivers (SCIF 705, IT, DTO, medical devices, and Sponsor Certs.
• Facilitate development, maintenance and security review of AIS security plans for computers, networks, and information systems deployed and used at contractor facilities, ensuring that sponsor and program approving signatures are acquired and documented.
• Conduct technical exchange meetings to facilitate AIS security solutions for both industrial contractors and government systems; and produce comprehensive solutions to technically complex systems and challenges.
• Advise and answer questions regarding Sponsor’s AIS policies, including providing recommendations on waivers and mitigations as appropriate to meet mission requirements.
• Ensure documentation is complete and accurate in accordance with Sponsor AIS policies and requirements.
• As necessary, support the investigation of virus/malware alerts/incidents to determine root cause, entry point of code, damage risk, and report this information.
• Write reports based on technical analysis of sponsor or industrial partners systems, and as applicable provide recommendations for mitigating issues in the future.
• Participate in project review meetings and provide technical cyber security advice/expertise to Sponsor personnel.
• Review complex sponsor and industrial partners system designs for security risk and compliance with sponsor policy and regulations; propose resolution and preventive strategies.
• Communicate complex technical concepts, project information, and security policy clearly and concisely to both technical and non-technical audiences.
• Continuously developing and maintaining a safe work environment.
• Completing all training requirements and fulfilling all self-aid/buddy aid responsibilities, participating in emergency response tasks and serving on safety committees and teams.
• Conforming to the Amentum Quality Policy and carrying out job activities in compliance with applicable Amentum Quality System documents and customer contracts.
• Reading and understanding Quality Management and Customer Satisfaction responsibilities.
• Reading, understanding and implementing the general and specific operational, safety, quality and environmental requirements of all plans, procedures and policies pertaining to his/her job.

Benefits

• Health, dental, and vision insurance
• Paid time off and holidays
• Retirement benefits (including 401(k) matching)
• Educational reimbursement
• Parental leave
• Employee stock purchase plan
• Tax-saving options
• Disability and life insurance
• Pet insurance