Isso

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related discipline (or equivalent combination of education and experience).
• Minimum of 5 years of experience in cybersecurity, information assurance, information systems security, or related fields.
• Experience supporting DoD Risk Management Framework (RMF) processes and cybersecurity compliance initiatives.
• Working knowledge of: Joint SAP Implementation Guide (JSIG), NIST SP 800-53 Security Controls, DoD RMF Process, Security Technical Implementation Guides (STIGs), Vulnerability Management Programs.
• Active TS/SCI security clearance.
• Current DoD 8570/8140 compliant certification such as CISSP, CISM, CASP+, or CISA.
• Strong analytical, troubleshooting and problem-solving skills.
• Excellent written and verbal communications skills.
• Ability to work independently and collaboratively in a fast-paced, mission-focused environment.
• Strong attention to detail and documentation accuracy.

Nice To Haves

• Experience supporting SAP, SCI or other classified environments.
• Experience securing Windows, Linux and virtualized environments.
• Familiarity with Cross Domain Solutions (CDS).
• Experience with cybersecurity tools including: ACAS, Splunk, Tenable, Trellix ePO, Similar enterprise security platforms.
• Knowledge of cloud security requirements within DoD environments.
• Experience supporting security assessments and authorization package development.
• Strong understanding of cybersecurity risk management and compliance frameworks.

Responsibilities

• Support the ISSM in executing cybersecurity responsibilities and serve as acting ISSM when required.
• Ensure systems are operated, maintained and disposed of in accordance with approved security policies and authorization requirements.
• Verify users possess appropriate security clearance, authorizations, and need-to-know prior to system access.
• Conduct periodic security reviews and compliance assessments to validate continued adherence to approved security baselines.
• Participate in Configuration Control Board (CCB) activities and evaluate proposed system changes for security impact.
• Coordinate hardware, software, and firmware modifications with security stakeholders prior to implementation.
• Notify appropriate authorities of system changes that may impact authorization status.
• Monitor system recovery efforts to ensure security controls are restored and functioning properly.
• Participate in Agile planning sessions and provide cybersecurity input on development and infrastructure activities.
• Support the implementation and maintenance of cybersecurity controls in accordance with JSIG, RMF, NIST SP 800-53, and DoD cybersecurity requirements.
• Develop, update and maintain RMF documentation, including: System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), Plans of Action & Milestones (POA&Ms), Security Assessment Reports (SARs), Continuous Monitoring Plans.
• Assist with system authorization activities throughout the RMF lifecycle.
• Ensure security controls are implemented, documented, and maintained according to approved baselines.
• Support security assessments, audits, inspections and authorization reviews.
• Perform continuous monitoring activities to maintain Authorization to Operate (ATO) status.
• Review and analyze vulnerability scan results from ACAS, Tenable, and similar tools.
• Track vulnerability remediation efforts and validate closure of findings.
• Support risk assessments and recommend mitigation strategies.
• Monitor system changes and assess potential cybersecurity impacts.
• Assist with configuration management activities to ensure compliance with approved baselines.
• Support cybersecurity incident response activities and document security incidents.
• Ensure audit logs and security records are collected, reviewed, retained, and analyzed according to policy requirements.
• Validate implementation of STIGs, system hardening standards, and secure configuration requirements.
• Work with system administrators and engineers to maintain secure system configurations.
• Support enforcement of least privilege, separation of duties, and access control requirements.
• Provide cybersecurity guidance and support to system users and administrators.
• Maintain accurate cybersecurity documentation, records and compliance artifacts.
• Prepare reports, status updates, and briefings for program leadership, government representatives, and security stakeholders.
• Maintain evidence required for audits, inspections, and authorization activities.
• Support internal and external cybersecurity reviews and assessments.

Benefits

• Relocation assistance available.