Cyber Security Engineer/Information Systems Security Officer (ISSO)

About The Position

Requirements

• Bachelor's degree and 7+ years of related professional experience.
• Active Secret clearance.
• DoD 8570 compliant IAM Level II certification is required (Security +)
• Experience with DoD's RMF and SSP processes
• This position requires access to information that is subject to compliance with the International Traffic Arms Regulations (“ITAR”) and/or the Export Administration Regulations (“EAR”). In order to comply with the requirements of the ITAR and/or the EAR, applicants must qualify as a U.S. person under the ITAR and the EAR, or a person to be approved for an export license by the governing agency whose technology comes under its jurisdiction.
• A “U.S. person” according to the ITAR definition is a U.S. citizen, U.S. lawful permanent resident (green card holder), or protected individual such as a refugee or asylee. See 22 CFR § 120.15.

Nice To Haves

• Experience with MDA specific RMF and SSP processes
• Self-Motivated
• Customer-oriented

Responsibilities

• Serve as a member of the cybersecurity team, developing System Security Plans (SSPs), Interim Authority to Test (IATT), Authority to Connect (ATC) and, Authority to Operate (ATO) packages.
• Perform technical work utilizing the Risk Management Framework (RMF) process including analyzing and solving Information Assurance (IA)-related technical problems.
• Ensure that system security artifacts are developed, reviewed, and updated as needed.
• Confirm all RMF requirements are properly addressed and required artifacts are loaded and managed within Enterprise Mission Assurance Support Service (eMASS).
• Analyze complex problems, identify root causes, and develop actionable recommendations with effective solutions.
• Interface with other cyber teams to review RMF Contract Data Requirements List (CDRL) submissions and ensure timely delivery of CDRL artifacts, while providing feedback to ensure the sufficiency and quality of cyber artifacts.
• Periodically conduct a review of each system's audits and monitors corrective actions until all actions are closed.
• Perform vulnerability/risk analysis of systems using expertise in relevant information systems security.
• Track and monitor Plan of Action and Milestones (POA&M).
• Conduct reviews of cybersecurity artifacts and technical briefings and work with customer to resolve any findings.
• Ensure that identified security controls are implemented and operating as intended through all phases of the lifecycle.
• Track deliverables (i.e., artifacts, schedules, metrics).

Benefits

• AV offers an excellent benefits package including medical, dental vision, 401K with company matching, a 9/80 work schedule and a paid holiday shutdown.