Information Systems Security Officer

APOGEE RESEARCH LLC•Arlington, VA

19h•Onsite

About The Position

Apogee Research is seeking an experienced, highly motivated, and organized Information System Security Officer (ISSO) with a demonstrated capability of working within executive-level DoD multi-level security environments. The ISSO reports directly to the Director of Operations and provides comprehensive information systems security support. This position will be responsible for our systems security by ensuring that operational security is maintained for the assigned information systems. This position requires working knowledge of secure Government enterprise level information systems and networks, isolated standalone networks, security policies, technical security safeguards, and operational security measures. This is an excellent opportunity for an energetic and experienced ISSO who is conscientious, detail-oriented, and enjoys working with a close-knit team. This position can be scoped to meet the capabilities of the right candidate with competitive compensation matched to the key responsibilities of the role. The position is based out of our Arlington, VA office (full-time in person). Candidates must have an active DoD Top Secret clearance with SCI eligibility.

Requirements

3-5 years as an ISSO or ISSE
Required to hold and maintain DoD 8140/8570 approved baseline certification (e.g., Security+, CySA+, etc.)
Experience with auditing information systems.
Experience with certification/authorization requirements as outlined in the NISPOM, RMF JSIG, ICD 503, NIST SP 800-53 Rev 4/5, NIST SP 800-171, DoD STIG Overlays, and other USG IS/Security-related policies.
Self-starter, highly motivated, able to multi-task and meet tight deadlines. A strong candidate must have the ability to work well under pressure and deal with changing priorities.
Excellent communication skills (oral and written), ability to work in a team environment, and must work well with others.
Effective at problem-solving and proven ability to cope with conflict, stress and crisis situations.
Active DoD Top Secret clearance with SCI eligibility.

Nice To Haves

Experience implementing security controls on Red Hat, other Linux distributions and Windows based operating systems in accordance with applicable Security Technical Implementation Guides (STIGs) and NIST 800-53 controls.
Knowledge and experience with technical and configuration standards relating to information system security; prefer experience configuring Windows Server operating systems, system virtualization and other related peripherals.
Experience with developing security policies and procedures (e.g. data transfer procedures, audit procedures, media protection policy, configuration management procedures, etc.

Responsibilities

Ensure users follow established information security policies and procedures to protect, operate, maintain, and decommission systems and secure data in accordance with internal security policies and Department of Defense (DoD) regulations.
Interpret, review, maintain information Systems Security Plans (SSPs), Security Control Traceability Matrix (SCTM), Risk Assessment Reports, Security Control Assessment Reports, and authorizations for existing systems in accordance with DoD mandated policies.
Develop a comprehensive Risk Management Framework (RMF) package for new systems with complete body of evidence - including SSPs, Information Continuous Security Monitoring Plans, Plans of Action & Milestones (POA&Ms), architecture diagrams, and additional artifacts to support system authorization in coordination with Program Managers, Information Systems Security Manager, and Government Customer Security Control Accessors.
Participate in and support assessments of various classified and Controlled Unclassified Information networks.
Perform compliance and vulnerability scans, assist with Assured File Transfers, ensure the integrity of security configurations, and the removal of decommissioned information systems.
Develop and maintain a Plan of Action and Milestones (POA&M) for all security related vulnerabilities and provide recommendations to the ISSM on correcting vulnerabilities or implementing countermeasures associated with required security controls.
Coordinate with program stakeholders, the ISSM, Contract Program Security Officer (CPSO)/Facility Security Officer (FSO), IT Manager and team members to define, implement and maintain an acceptable information systems security posture.
Ensure information systems documentation (i.e., training records, user agreements, system baseline, SSPs etc.) are kept current.
Review and analyze system audit logs to identify anomalous activity and potential threats to controlled and secure network resources.
Provide support to the ISSM in reporting, responding to, and investigating security violations and incidents.
Conduct and monitor cyber awareness and information systems training sessions for company employees.
Participate in and support incident response and contingency planning drills; implement configuration management procedures and participate in change configuration board (CCB) reviews.