Information Systems Security Officer

BAE Systems

3d•$107,359 - $182,510

About The Position

Functional Responsibilities: Applies current Information Assurance (IA) technologies to the architecture, design, development, evaluation, and integration of applications, systems, and networks to maintain the system security posture. Advises the Government on the use of methods such as, but not limited to, encryption technology, vulnerability analysis, and security management standards to protect Government systems and applications to meet Federal Information Security Modernization Act (FISMA) requirements. The Contractor shall: a. Have excellent verbal and written communication skills to be able to accurately relate requirements and document all within the appropriate security document and/or within the RMF system and coordinate with program, other system(s), and security personnel; b. Ensure all annual FISMA deadlines are met and/or ensures the Government PM is apprised when the deadlines cannot be met and/or when assistance is required to meet the deadlines; c. Prepare documentation from templates such as, but not limited to Configuration Management Plan (CMP), Incident Response Plan (IRP), Information System Contingency Plan (ISCP), and Plan of Action and Milestones (POA&M) to ensure compliance with FBI PDs and PGs and Federal IA requirements as well as coordinate review(s) and approvals; d. Must be able to discern the program policies and procedures, identify areas that need work and bring up to management for resolution; e. Identify IA vulnerabilities and coordinate with the Infrastructure and Development teams to correct, mitigated or apply for an exception via the POA&M processes; f. Review vulnerability (i.e., patches, updates, etc.) and compliance (i.e., Security Content Automation Protocol (SCAP) and/or Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG)) scans on the infrastructure and applications to ensure patch and configuration compliance (on-premises and in the cloud (AWS preferred)) g. Prepares SAA package(s) to obtain and maintain an authority-to-operate (ATO), authority-to-test (ATT), or other SAA authority types for all systems and applications; h. Attend Configuration Control Board (CCB) meetings and review all change requests for impact to the system/application security posture(s) and applicable Federal and FBI PD and PG compliance requirements; and document decisions within the CMP; i. Coordinate security incident and high priority compliance responses with the FBI Enterprise Security Operations Center (ESOC); j. Represent program security interests in various meetings within and outside of the program; k. Schedule and conduct meetings with pertinent program personnel to address findings to determine appropriate path forward and document within the CMP and, if necessary, POA&M; l. Coordinates with other system Information System Security Officers (ISSO) to ensure that their requirements for interconnection, policy and procedures are met and all documentation is provided and updated as necessary; m. Ability to assess current and evolving security threats in an operational environment

Requirements

Minimum Education: Associates Degree in Computer Security or related field of study; (ISC)2 Information Security Certification(s) (e.g., CISSP, CAP, etc.); or in lieu of education, five (5) years of documented experience that addresses all requirements of the position.

Nice To Haves

Experience in a cyber-risk and compliance management system (e.g., Xacta, RiskVision, etc.)
One (1) year experience or more configuring, performing, scheduling,br viewing, and assessing vulnerability (i.e., patches, updates, etc.) and compliance (i.e., Security Content Automation Protocol (SCAP) and/or Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG)) scans on the infrastructure and applications to ensure patch and configuration compliance on-premises and in the cloud (AWS preferred)
Technical background that will assist in assessing the NIST SP 800-53 security controls and gather evidence to support conclusions
Knowledge of operating systems, network and application security to aid implementation of information security and assurance principles
Knowledge of SPLUNK software and tools
Knowledge of Taclane, encryption devices and COMSEC technology.

Responsibilities

Applies current Information Assurance (IA) technologies to the architecture, design, development, evaluation, and integration of applications, systems, and networks to maintain the system security posture.
Advises the Government on the use of methods such as, but not limited to, encryption technology, vulnerability analysis, and security management standards to protect Government systems and applications to meet Federal Information Security Modernization Act (FISMA) requirements.
Have excellent verbal and written communication skills to be able to accurately relate requirements and document all within the appropriate security document and/or within the RMF system and coordinate with program, other system(s), and security personnel
Ensure all annual FISMA deadlines are met and/or ensures the Government PM is apprised when the deadlines cannot be met and/or when assistance is required to meet the deadlines
Prepare documentation from templates such as, but not limited to Configuration Management Plan (CMP), Incident Response Plan (IRP), Information System Contingency Plan (ISCP), and Plan of Action and Milestones (POA&M) to ensure compliance with FBI PDs and PGs and Federal IA requirements as well as coordinate review(s) and approvals
Must be able to discern the program policies and procedures, identify areas that need work and bring up to management for resolution
Identify IA vulnerabilities and coordinate with the Infrastructure and Development teams to correct, mitigated or apply for an exception via the POA&M processes
Review vulnerability (i.e., patches, updates, etc.) and compliance (i.e., Security Content Automation Protocol (SCAP) and/or Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG)) scans on the infrastructure and applications to ensure patch and configuration compliance (on-premises and in the cloud (AWS preferred))
Prepares SAA package(s) to obtain and maintain an authority-to-operate (ATO), authority-to-test (ATT), or other SAA authority types for all systems and applications
Attend Configuration Control Board (CCB) meetings and review all change requests for impact to the system/application security posture(s) and applicable Federal and FBI PD and PG compliance requirements; and document decisions within the CMP
Coordinate security incident and high priority compliance responses with the FBI Enterprise Security Operations Center (ESOC)
Represent program security interests in various meetings within and outside of the program
Schedule and conduct meetings with pertinent program personnel to address findings to determine appropriate path forward and document within the CMP and, if necessary, POA&M
Coordinates with other system Information System Security Officers (ISSO) to ensure that their requirements for interconnection, policy and procedures are met and all documentation is provided and updated as necessary
Ability to assess current and evolving security threats in an operational environment

Benefits

health, dental, and vision insurance
health savings accounts
a 401(k) savings plan
disability coverage
life and accident insurance
employee assistance program
a legal plan
discounts on things like home, auto, and pet insurance
paid time off
paid holidays
paid parental, military, bereavement, and any applicable federal and state sick leave
company recognition program to receive monetary or non-monetary recognition awards