Information Systems Security Officer

About The Position

Requirements

• Experience working in information assurance or cybersecurity roles supporting classified DoD environments
• Working knowledge of NIST 800-53 controls and RMF
• Experience analyzing and interpreting outputs of various endpoint security, vulnerability, and enumeration tools (example: Tenable Nessus, Security Center, SolarWinds, EndPoint Security Solutions, Vulnerator, SCAP Compliance Checker)
• U.S. citizenship required.
• Must pass a pre-employment drug test.
• Must have a fully adjudicated (not an interim) U.S. Government-issued security clearance at time of hire.
• Bachelor’s degree in Cybersecurity or other related field and 3+ years of experience, or Master’s degree
• DoD 8570 IAM Level I (Security+) or higher baseline certification (CISSP preferred)

Nice To Haves

• Strong interpersonal and written/oral communication skills to coordinate with program/site leads as well as government staff and mission partners
• Experience working on/with Government contracts
• Detail-oriented team member who can consistently meet deadlines and is able to work independently as needed
• Able to multi-task and work with a diverse work group of vendors, executive managers, subcontractors, consultants, and other professionals.

Responsibilities

• Work as part of an integrated team to develop and maintain RMF body of evidence documentation (example: System Security Plan, Security Controls Traceability Matrix, Plan of Action and Milestones, ATO’s) using Microsoft products such as Word, Excel, PowerPoint, and Visio.
• Maintain repositories of all body of evidence documentation for systems under your purview and ensure they are accessible only to properly authorized individuals.
• Develop and execute security control assessment procedures to verify conformance with control requirements as part of ongoing continuous monitoring and authorization assessment activities.
• Work in close coordination with system administrators and other cyber team members to ensure systems are operated, maintained, and disposed of in accordance with applicable security policies and procedures and notify the ISSM when changes occur that might impact system authorization posture.
• Support the CISO, PM, ISSM or ISO in maintaining current authorization to operate, and approval to connect, and in implementing corrective actions identified in the plan of action and milestones. Coordinates, with the CISO, PM, ISSM and AO staffs, development of an IS Configuration Management strategy and monitor any proposed or actual changes to the system and its environment.
• Ensure all security-related vulnerabilities and deficiencies are documented in the Plan of Action and Milestones (POA&M).
• Ensure integration of cybersecurity into, and throughout the lifecycle of the IT, on behalf of the ISSM and ISO.
• Ensure the development and implementation of an effective information security education, training, and awareness program.
• Ensure configuration management policies and procedures for authorizing use of hardware/software on a system are followed and coordinate any additions, changes or modifications to hardware, software, or firmware with the ISSO/ISSM prior to the addition, change or modification.
• Ensure software, hardware, and firmware complies with appropriate security configuration guidelines (e.g., security technical implementation guides (STIG)/security requirement guides).
• Reports security incidents or vulnerabilities to the CISO/ISSM/wing cybersecurity office according to AFI 17-203, Cyber Incident Handling.