Information System Security Officer

About The Position

Requirements

• Bachelor's degree and 8 – 12 years related experience in Information Systems, Computer Science or related field or a Master’s with 6 – 10 years of related experience. Additional relevant experience, training, and / or certification may be considered in lieu of degree.
• Currently hold active TS/SCI with Polygraph clearance
• Hold current DoD 8140 IAT II Certification or higher (minimum Security +).
• Detailed understanding of the Risk Management Framework (RMF), NIST, ICD, and CNSS standards.
• Familiarity with network technologies (LAN & WAN) and best practices within a classified environment to include crypto and key management.
• Working knowledge with Microsoft Windows operating systems (workstation & server), Linux, and system virtualization (multiple hypervisors) in a secure network environment.
• Experience with compliance scanning tools (e.g. SCAP) and vulnerability scanning tools (e.g. ACAS/NESSUS).
• Hands on experience with DISA Security Technical Implementation Guide (STIG) implementation and management.
• Experience using Splunk or other event gathering software.
• Must be able to work in a constantly changing regulatory environment with short-, mid-, and long-term timelines for remediating any non-compliance.
• Must be able to work well within a team environment and able to adapt quickly to change.
• Demonstrate strong writing and verbal presentation skills.
• Experience with eMass package submittals, POA&M management and Document SOP updates.

Nice To Haves

• DoD IS knowledge and experience.
• Security hardening automation experience.
• Microsoft OS Certification (MCSE Win 11 or other).
• Linux certification (RHCSA, CompTIA Linux, LCFS/LCFE, etc.).
• Understanding of Sensitive Compartmented Information Facility (SCIF) standards.
• Strong knowledge vulnerability/quality scanning tools.
• Knowledge of agile development processes and DevOps tools such as Jira, Bitbucket, Confluence.
• Knowledge of SNOW navigation for IC customers.
• Additional desired certifications include CCNA, CISSP, MCSE, and/or SANS GIAC.

Responsibilities

• Perform continuous upkeep, monitoring, analysis, and response to Information System, network and security events.
• Document compliance activities in accordance with the governing authority approved authorization package.
• Develop procedures and documentation to ensure compliance with Configuration Management (CM) for security relevant IS software, hardware, and firmware.
• Ensure systems are operated, maintained, and disposed of in accordance with the governing authority approved authorization package and customer directives.
• Ensure records are maintained for workstations, servers, software, routers, firewalls, network switches, and other relevant hardware/equipment throughout the information system's life cycle.
• Evaluate proposed changes or additions to the information system and advises senior site leadership of security relevance.
• Conduct security IS Briefings and training.
• Mentor other engineers in the art of cybersecurity and secure software development practices.
• Participate in internal/external security audits/inspections; performs risk assessments and Continuous Monitoring.
• Lead investigations into computer security violations and incidents, reporting as necessary to both the Facility Security and Senior Program Managers.
• Ensure proper protection and / or corrective measures have been taken when an incident or vulnerability has been discovered.
• Work with the Facility Security Officer (FSO) and CPSOs developing, implements and manages a formal Information Security / Information Systems Security Program.
• Develop, implement and enforce Information Security Policies and Procedures.
• Author, review and update IS Authorization documentation (Body of Evidence) to support IS Assessment and Authorization activities.