Information Systems Security Officer

About The Position

Requirements

• Knowledge of federal security requirements and mandates (e.g., RMF, JSIG, FIPS, NIST)
• Strong Microsoft Windows background with some knowledge of UNIX/LINUX
• Familiarity with security procedures in a SCIF/SAPF environment
• Proficiency in multiple technical areas and application of advanced technical/analytical principles
• Ability to understand customer needs and translate them into technical solutions
• Experience in overseeing technical studies, complex analysis, and generating reports/presentations
• Project management or program management knowledge and experience
• Strong problem-solving skills, including breaking down complex problems and prioritizing tasks
• Excellent communication skills and ability to interface with senior-level customers and teammates
• Leadership experience in technical projects, proposals, and internal committees or innovation projects
• Bachelor’s degree in Computer Science, Information Technology, Information Security, or related field
• Five (5) years of experience working in an IA-related field and/or five (5) to eight (8) years of experience in IT with a heavy emphasis on systems administration
• In-depth knowledge of Microsoft Windows OS (client and server)
• CompTIA Security+ or higher-level DoD 8570.01/8140.03 certification
• Experience with Linux operating system (RedHat Enterprise Linux)
• Experience with XACTA-Experience using security hardening, collection, and assessment tools (e.g. SCC, Nessus, Splunk, etc.)
• Experience with security architectures, firewalls, and network access
• Experience with risk managed downloads, information systems sanitization and destruction, PEDs, contaminations, incident response, virus scanning, privileged user access, and hardware/software configuration management
• Experience with A&A documentation and system authorization artifacts
• Frequent sitting for long periods using computer keyboard, zoom conferencing, Microsoft teams, telephone etc.
• Regular standing and walking to file documents, make copies, meet with leaders/employees in other parts of the building etc.
• Keyboarding: Entering text or data into a computer or other machine by means of a traditional keyboard (traditional keyboard refers to a panel of keys used as the primary input device on a computer, typographic machine, or 10-key numeric keypad)
• Work is performed in an office environment and requires the ability to operate standard office equipment
• Some work (less than 5%) may require moving and lifting of heavy objects

Responsibilities

• Perform day-to-day maintenance of systems, including auditing and patch management
• Perform technical security assessments of complex systems
• Identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies
• Apply knowledge of IA policy, procedures, and workforce structure to implement secure networking, computing, and enclave environments
• Write authorization and accreditation (A&A) documentation and ensure the systems are operated and maintained in accordance with these security plans
• Enforce the design and implementation of trusted relationships among external systems and architectures
• Support security planning, assessment, risk analysis, and risk management for client systems and programs
• Interact with technical team members from multiple organizations in a diversified, team environment
• Identify overall security requirements for the proper handling of MTSI and client data
• Perform system or network designs that encompass multiple enclaves to include those with differing data protection/classification requirements
• Recommend system-level solutions to resolve security requirements
• Ensure all users have the requisite security clearances, authorizations, need-to-know, and are aware of their security responsibilities before granting access to client systems
• Conduct periodic reviews of information systems to ensure compliance with the security authorization package
• Perform key functions (above) and other security-related tasks as directed on multiple systems, at multiple sites, or for multiple clients
• Schedule, perform and maintain records of required IS auditing, patching, maintenance, software/hardware changes, and scanning based on evolving threat/vulnerabilities and customer compliance requirements
• Assess changes to an information system by performing periodic self-inspections, tests, and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed; ensure corrective actions are taken for identified findings and vulnerabilities
• Maintain a working knowledge of information system functions, security policies, technical security safeguards, and operational security measures
• Coordinate with Information Systems Security Manager, Facility Security Officer (FSO) and Contractor Program Security Officers (CPSO) to define, implement and maintain information security policies, strategies, and procedures
• Implement policies and procedures for responding to security incidents, and for investigating and reporting security violations and incidents
• Receive direction/guidance from the MTSI Program Manager and/or Govt technical lead; translate guidance into actionable tasks performed by the project team
• Manage/execute medium-large tech tasks
• Ensures assigned tech tasks are properly coordinated/ efficiently accomplished w/best available resources
• Serve as technical lead for time critical tech projects, test events/tasks requiring senior level tech expertise
• Ensure all required resources (e.g. personnel, HW, SW, facilities, security) are identified to support assigned tasks
• Coordinate w/Project Manager to verify time phased requirements are identified to meet contractual required deadlines
• Accountable for the quality and timely delivery of all technical contract deliverables
• Ensure that task related products are consistent in format and content with overall project deliverables
• Routinely engage with Govt technical representative + tech leads for our teammates and subcontractors
• Acts as a resource/mentor for colleagues with less experience
• Works independently, with guidance in only the most complex situations