Information Systems Security Officer

About The Position

Requirements

• In compliance with DoD Cyber Workforce 8570.01
• Experience in Information Assurance / Cybersecurity, including development, integration, and implementation of cybersecurity and program protection standards for networking, computers, and custom applications
• Thorough knowledge of the Department of Defense 8510.01 Risk Management Framework (RMF) for DoD Information Technology, DoD Instruction 8500.1 Cybersecurity, DoD Directive 8140.01, Cyberspace Workforce Management, NIST 800 Special Publications, Federal Information Processing Standards (FIPS), and knowledge of current authorization practices, particularly within the DoD
• Experience in creating and maintaining the security configuration baselines for Windows and Linux platforms, networking equipment, cloud technologies, and custom applications (i.e., Minimum Benchmarks: CIS, STIGS)
• Familiar with DIA assessments and accreditation documentation within the XACTA management platform
• Familiar with eMASS - USSOCOM ENTERPRISE MISSION ASSURANCE SUPPORT SERVICES platform
• Provide subject matter expertise, advice and assistance in the planning, implementation, and accreditation of technology and solutions
• Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Management Level ( IAM Level II ). IAT Level II is also considered.
• 5+ years
• BS in Computer Science or Information Technology (or equivalent experience)
• US Citizenship and Possess an Active TS/SCI Clearance
• The position is contingent upon candidate’s ability to meet physical and medical requirements as needed by the position; including compliance with all applicable federal, state, and local jurisdictional requirements.
• Government or customer site-specific requirements may include, but are not limited to, proof of full COVID-19 vaccination status, except in circumstances where a candidate is legally entitled to an accommodation.

Nice To Haves

• Ability to read, review, and consolidate ACAS scans, DISA STIGS, and Websense results
• Excellent interpersonal skills, including the ability to work on multi-functional teams
• Display detailed knowledge and understanding of multiple technology infrastructures
• Ability to serve as a principal advisor on all matters, technical and otherwise, involving the security of an IS
• Exhibit individual initiative to influence events and achieve goals.
• Be proactive and a self-starter, going beyond specific job responsibilities to ensure goals and achieved or exceeded
• Travel as necessary for customer projects, technology expositions, and corporate meetings

Responsibilities

• Gather and translate customer requirements, interact with stakeholders from many areas, and lead efforts to ensure customer products and recommendations will meet customer information security policies in an ever-changing technical environment
• Categorize the IT and the information processed, store, and transmitted by the system based on an impact analysis due to a loss of Confidentiality, Integrity, and Availability (CIA) impacts
• Select an initial set of baseline security controls for the Information System (IS) based on the security categorization; overlay tailoring and supplementing the security control baseline as needed based on an organizational assessment of risk and local conditions
• Assess the security control using the appropriate methods and procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome
• Authorize the IS based on the determination of the risk to the organizational operations, organizational assets, or to individuals resulting from the operation of the IS and the decision that this risk is acceptable
• Monitor the security of the IS on a continuous basis including assessing control effectiveness, documenting changes to the system, conducting security impact analyses of the associated changes, and reporting the security status of the system to appropriate organizational officials on a regular basis
• Review, prepare and update RMF authorization packages
• Conduct assessments of information security controls to measure the effectiveness of controls and identify any gaps
• Manage remediation efforts and report on the status of control deficiencies
• Provide security expertise to business units and key stakeholders
• Provide timely status updates/reporting on assessments and assigned projects