Information System Security Officer (TS/SCI & Expat to Guam Required)

Lockheed Martin•King of Prussia, PA

2d•Onsite

About The Position

PLEASE NOTE THIS POSITION REQUIRES THE CANDIDATE TO EXPATRIATE FULL TIME TO GUAM FOR 6-12 MONTHS WITH POSSIBILITY OF EXTENSION IN ADDITION, THE SELECTED CANDIDATE WILL BE REQUIRED TO ATTEND TRAINING IN KING OF PRUSSIA, PA UPON ONBOARDING. Who We Are: Lockheed Martin is a pioneer in cyber security—partnering, innovating, and building cutting edge solutions. Our talented employees tackle the world’s toughest engineering challenges every day, leveraging their unique skills and experiences to design and deliver breakthrough technology. We empower our people to think big, perform with excellence, and create extraordinary products. If you have the passion and courage to dream boldly, join our culture and help build a better tomorrow. We provide the resources, inspiration, and focus you need to succeed. The Work: Lockheed Martin’s Rotary & Mission Systems (RMS) division is seeking an experienced Information System Security Officer (ISSO) to protect mission critical OCONUS information systems. This role ensures confidentiality, integrity, and availability in line with DoD, NIST, and Lockheed Martin security policies, while providing day to day oversight across the system lifecycle. The ISSO is responsible for the oversight of the information system’s security posture. Emphasis is placed on the application and sustainment of the NIST security controls to ensure cyber security requirements are properly administered throughout the system. The ISSO collaborates and consults with the Information System Security Manager (ISSM) regarding the design, development, integration and analysis of classified information systems. Effective communication and an ability to work collaboratively as well as independently are key attributes needed to be successful in this role. Frequent interaction with internal and external stakeholders is required. Along with the ISSM, the ISSO provides clear direction related to cybersecurity compliance standards. Communication with the government Security Control Assessor (SCA) is required to ensure standards are met. The ISSO is a primary stakeholder and will assist the ISSM with facilitating continuous monitoring efforts that promote RMF compliance.

Requirements

All candidates must possess a Final Top Secret Clearance w/SCI.
All candidates must possess a DoD 8570 IAM Level I certification or higher (e.g., Security + CE, CAP, CASP CE, CISM, CISSP, GSLC, or equivalent).
Demonstrated experience applying and documenting policy and system configurations that satisfy NIST 800-53 Security Control requirements across all Control Families.
Ability to interpret the requirements necessary for the effective implementation of Security Controls. Technologies include but are not limited to Windows, Linux, Virtualization, Network Infrastructure, etc.
Ability to develop and update relevant RMF artifacts such as the System Security Plan (SSP), Plan of Actions and Milestones (POA&M), Security Controls Traceability Matrix (SCTM), as well as the associated security policies and procedures.
Ability to perform continuous monitoring activities using Industry Standard tools such as Tenable Nessus, Security Center, Splunk, ELK, HBSS ePO, etc.
Experience leveraging Defense Information System Agency (DISA) Security Technical Implementation Guides (STIGs) and configuration standards to support system hardening.

Nice To Haves

Experience working with and interpreting Security Directives, Policies, Publications and Regulations (e.g. ICD 503, JSIG, and/or DCSA Assessment and Authorization Guide (DAAG)).
Experience using cybersecurity tools such as Nessus, Splunk, SCAP, HBSS, STIG Viewer to support compliance and monitoring activities
Previous experience supporting SAP / SCI environments as an ISSO / ISSE.

Responsibilities

Direct day to day security management for classified systems.
Perform day-to-day information system security operations including auditing the IS and reviewing hardware and software baselines.
Maintain and update System Security Plans (SSPs), Authorization Packages, and Continuous Monitoring Strategies.
Conduct formal risk assessments, vulnerability analyses, and impact assessments; prioritize remediation actions and track mitigation status.
Participate in internal/external security audits and inspections.
Assist in the preparation of Authority to Operate (ATO) packages and support periodic re-authorizations.
Partner with program managers, engineers, acquisition personnel, and internal/external auditors to embed security controls early in the design and development phases.
Assist in conducting investigations of computer security violations and incidents, reporting as necessary.
Facilitate internal and external audits, ensuring timely closure of findings and ongoing compliance with all applicable regulations.
Ensure configuration management (CM) and IS security documentation is maintained.
Assist the development and delivery of security awareness training.