Information Systems Security Officer – Sr Cloud / Active Top Secret

About The Position

Requirements

• Bachelor’s degree in Computer Science, Business Management, or IT related discipline.
• Minimum of 9 years of work experience in a Computer Science or Cybersecurity related field.
• Minimum of 7 years experience serving as an Information Systems Security Officer (ISSO) at a cleared facility.
• Possess at least one of the following certifications: Certified Information Systems Security Professional (CISSP), Global Information Security Professional (GISP), CompTIA Advanced Security Practitioner (CASP), Or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 Information Assurance Management (IAM) Level III proficiency.
• Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, Splunk, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications.
• Additional requirement to hold at least one Security certification from AWS, Azure, or GCP: AWS Certified Security – Specialty, (ISC)2 Certified Cloud Security Professional (CCSP), AWS Certified Solutions Architect – Associate, AZ-500: Microsoft Certified: Azure Security Engineer Associate, Google - Professional Cloud Security Engineer.
• U.S. citizenship required.
• Active Top Secret security clearance required with the ability to obtain a final TS/SCI.

Responsibilities

• Serve as Task Lead.
• Be well-versed in best practices for cyber security program standards, processes, and procedures compliance, industry-standard security frameworks and demonstrated expert working knowledge of NIST Special Publication (SP) 800-53: Recommended Security Controls for Federal Information Systems, NIST SP 800-53A: Guide for Assessing the Security Controls in Federal Information Systems, AFPD 17-1 and AFI 17-130, Cybersecurity Program Management.
• Have the ability to write security policies and procedures, CSS, SSP, SSPP, and assess all ATO package artifacts.
• Have expert knowledge of Risk Management Framework (RMF) v5 (Processes, workflow, etc.).
• Have the ability to use eMASS to execute, RMF v5 to include document / update system status, identify, document, and manage implementation of operational and technical security controls, implementation and risk assessment tabs, non-compliant and non-validated controls, POAM management (entry, evidence, close-out), produce report and track Plan of Action and Milestone (POA&M) due dates, etc.
• Have the ability to complete a checklist to ensure Security Authorization Process documents are complete and comply with all guidance.
• Demonstrate the ability to work collaboratively with IT counterparts, communicate effectively (skilled in communicating complex technical information to non-technical audience) and coordinate STIG remediation with system administrators and developers.
• Have the ability to conduct risk assessments, monitor security incidents and respond appropriately to Security Threats.
• Working understanding of network technology (includes knowledge of network protocols, TCP/IP), operating systems as well as the necessary security protocols, system details (Architecture, data flow, security cat, requirements, configuration management process/procedures, and user profile) firewalls, rules and configurations, intrusion detection tools and prevention systems, encryption techniques, Windows, Unix, and Linux) operating systems, along with other applications such as databases and web servers.