Information Systems Security Officer

About The Position

Requirements

• Must be a U.S. citizen
• Minimum of Active Secret security clearance required
• Minimum of 3+ years of related experience in cybersecurity
• Demonstratable experience with standard cybersecurity and network environment tools and applications, including: SIEM, ESS, DLP, IAM, Vulnerability Scanning, etc.
• Proven experience in executing security hardening on Windows and RHEL operating systems, utilizing approved DISA STIGs and SRGs, and implementing NIST SP 800-53 security controls to ensure compliance with industry standards.
• Proven knowledge of the DCSA Assessment and Authorization Process Manual (DAAPM), Joint Special Access Program Implementation Guide (JSIG), or Risk Management Framework (RMF).
• IASAE Level-II Certification, such as: CASP, CISSP, RHCSA, or CSSLP
• Be well-versed in information system security architectural documentation standards.
• Apply information assurance and cybersecurity standards, directives, guidance, and policies to an architectural/risk-based framework.
• Understand and implement relevant frameworks, such as NIST, ISO, or other industry-recognized standards.
• Provide a structured approach to information system security, ensuring that all aspects of the system are properly secured and aligned with organizational and regulatory requirements
• Ensure compliance with governing documents and security policies.
• Assist in regulatory periodic assessments to ensure adherence to government regulations and information assurance/cybersecurity guidelines.
• Provide recommendations for secure implementation and compliance.
• Support the development of information system security documents and reports to regulatory agencies.

Nice To Haves

• Proven expertise in Dev/Sec/Ops concepts and processes, with the ability to apply them in real-world scenarios, including:
• Expertise in Splunk, including: Writing queries, Creating dashboards, Implementing third-party apps (e.g., Qmulos Products)
• Experience with network design processes, including: Understanding security objectives, Operational objectives, Risk mitigation strategies for information systems
• Demonstratable experience working with complex operating systems and networks, including:
• Data centers
• Cloud environments
• Cross-domain solutions
• NSA Type 1/Commercial Solutions for Classified (CSfC) encryption solutions
• Demonstratable experience conducting internal and external customer assessments, including:
• Identifying areas for improvement
• Providing recommendations for remediation
• Developing and implementing corrective action plans
• Proven ability to evaluate proposed changes or additions to the information system, including:
• Assessing their security relevance
• Providing advisory support to the ISSM
• Ensuring compliance with relevant regulations and standards
• Proven experience implementing new and complex technologies at an enterprise level, including:
• Ensuring seamless integration with existing systems
• Minimizing disruption to operations
• Providing training and support to users

Responsibilities

• Plan, implement, test, and monitor classified cybersecurity measures to ensure the security and integrity of our systems.
• Assess and mitigate classified system security threats and risks throughout the program life cycle.
• Coordinate activities with the Information System Security Manager (ISSM) to ensure systems are secure and technically ready for inspection.
• Validate system security requirements and establish technical system security documentation.
• Assist with the implementation of security procedures and verify system security requirements.

Benefits

• Medical
• Dental
• Vision
• Life Insurance
• Short-Term Disability
• Long-Term Disability
• 401(k) match
• Flexible Spending Accounts
• EAP
• Education Assistance
• Parental Leave
• Paid time off
• Holidays