Information System Security Officer - Senior

About The Position

Requirements

• Must have active Top-Secret clearance with SCI or TS with the ability to acquire SCI
• 8 years of relevant experience
• In-depth knowledge of Microsoft Windows OS (client and server) and familiarity with Red Hat Enterprise Linux (RHEL).
• Experience with security configurations across multiple operating systems in various environments, to include Windows and Linux, utilizing Active Directory/Group Policy
• Experience in the development of technical documentation to include artifacts required to support Assessment and Authorization (A&A) under the Risk Management Framework
• Experience with XACTA, ACAS/NESSUS, Trellix, and Splunk
• Experience with DISA STIGs and DISA Viewer
• Experience with risk
• 2 years of knowledge and experience with NESSUS/ACAS and Trellix administration
• Must be able to work a 40-hour work week, normally Monday through Friday.
• Ability to work overtime during critical peaks and be available to meet last minute requests for overtime if needed.
• Ability to travel (5-10%) primarily within 75 miles.
• Familiarity with MS Office applications such as Excel, Word, Outlook, SharePoint, Project, and Visio.
• Exceptional attention to detail; excellent verbal and written communication skills; strong critical thinking, organizational, time-management, and problem-solving skills.
• Ability to work both independently and as part of a team in a dynamic environment.
• Must have active Top-Secret clearance with SCI or TS with the ability to acquire SCI
• Bachelor’s degree in IT related field
• 8 years of relevant experience
• Must possess or be able to obtain one of the following 8140 IAT Level II or III baseline certifications before start date: Level II certs include – CCNA Security, CySA+, CND, Security+ CE Level III certs include – CASP CE, CCNP Security, CISA, CISSP (or Associate)

Nice To Haves

• Previous supervision and/or participation with Cybersecurity Assessments and Authorizations
• Familiarity and the ability to aid with the cybersecurity tools such as ForeScout, Ivanti, and Trellix

Responsibilities

• Generate and maintain the complete security Body of Evidence (BoE) while leading the A&A activities according to the Risk Management Framework (RMF) processes (ICD 503, CNSSI-1253, NIST 800-37, NIST 800-53, etc.) for all multiple information systems.
• Lead the development and maintenance of information security policies, standards, and control procedures to enable compliance with RMF.
• Complete Security Authorization packages, to include System Security Plans, Security Assessment Reports, POA&M summaries, and a Continuous Monitoring Plan/assessment schedule within XACTA, and present executive briefings to senior management.
• Conduct thorough auditing of security information and events utilizing advanced tools like Splunk and NESSUS to detect and mitigate potential threats, ensuring the integrity of the enterprise.
• Ensure security risk assessments are conducted as appropriate on any system upgrades, software/hardware changes, etc.
• Ensure security authorization boundaries are properly defined and captured in the system security plans, and that all interconnection agreements are in place and current.
• Ensure system security controls contain accurate implementation statements and assessment results, and that appropriate artifacts are completed to support findings; provide hands-on assistance as appropriate.
• Ensure POA&Ms have appropriate milestones, accurate description of the weaknesses and remediation, estimated cost and realistic due dates providing hands-on assistance to components as necessary.
• Maintain day-to-day security posture and continuous monitoring of all Information Systems.
• Review system vulnerability scans, verify implementation of DISA STIGs, and ensure other security relevant information system configuration tasks are completed.
• Perform test/evaluation of required technical security controls including performing certification tests and periodic inspections of information systems.
• Develop and conduct test procedures for verification A&A, RMF safeguards to meet customer requirements based NIST publications.
• Assess changes to an IS by performing periodic self-inspections, tests, and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed; ensure corrective actions are taken for identified findings and vulnerabilities.

Benefits

• Health, dental, and vision insurance
• Paid time off and holidays
• Retirement benefits (including 401(k) matching)
• Educational reimbursement
• Parental leave
• Employee stock purchase plan
• Tax-saving options
• Disability and life insurance
• Pet insurance