Information Systems Security Specialist/Officer

About The Position

Requirements

• Extensive knowledge and experience with the NIST Risk Management Framework and federal Government accreditation processes.
• Skilled in providing technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation.
• Proven success in designing and implementing solutions for protecting the confidentiality, integrity, and availability of sensitive information.
• Ability to provide technical evaluations of customer systems and assist with making security improvements.
• Versed in design of information system contingency plans and other deliverables which maintain appropriate levels of protection and meet time requirements for minimizing operations impact to customer organization as well as Security Authorization and Assessment (A&A processes).
• Ability to conduct security product evaluations, and recommend products, technologies, and upgrades to improve the customers security posture.
• Strong writing skills to develop and maintain System Security Plans (SSP), Contingency Plans, Privacy Impact Assessments, Certification Reports, Accreditation Reports, Plan of Action & Milestones (POA&M), and other C&A documentation.
• Demonstrates oral and written communication skills to work closely with all levels of personnel involved in IT operations and technical aspects of systems.
• Familiarity with security policies & guidance documents to assist with the preparation and maintenance of process artifacts, traceability documents purposed for compliance with Authority to Operate (ATO) requirements.
• Must be able to adjust to constant business change, including new requirements, evolving goals and strategies, and emerging technologies.
• Must be a US Citizen.
• Active Top Secret Clearance; may be required to obtain SCI access
• Bachelor's degree in Cybersecurity, MIS, or equivalent technology discipline and/ or equivalent related development experience in lieu of degree
• Possessing a range of technical certifications, such as: (a) higher level security-related certifications.
• Greater than five years minimum practical experience in a Cybersecurity, Engineering, T&E or A&A (formerly C&A) related field.
• Proficiency across cybersecurity and IT security matters, including documentation requirements and security control implementation.
• Ability to successfully pass a pre-employment drug test.

Nice To Haves

• Proficiency with cyber risk management tools, such as Xacta.

Responsibilities

• Primary representative for cybersecurity matters, including Science and Technology Branch (STB) reporting requirements, data calls, Office of the Chief Information Officer (OCIO) requirements, as well as legal and compliance matters relating to IT security.
• Identifies gaps, strategic impacts, financial impacts, and the risk profile in the IT security landscape and provides support and recommendations.
• Understands cybersecurity risk management and Authorization to Operation requirements, including legal aspects such as executive order 14028. Understands multifactor authentication, encryption, zero trust, and other aspects of legal requirement and DOJ/FBI recommendation or requirement.
• Performs a variety of information security/cybersecurity tasks and activities that are broad in nature and are concerned with LD systems and assets.
• Provide leadership in infrastructure migration methodologies and techniques including mass application movements into the cloud including:
• Design, implementation, and support of cybersecurity artifacts.
• Mentor existing staff on IT and cybersecurity best practices and technology.
• Actively participate in IT and security meetings
• Manage the ATO process for LD systems and assets, including control implementation and documentation.
• Inform LD cybersecurity strategy.
• Conducts testing and audit log reviews to evaluate the effectiveness of current security measures. Directs and implements the necessary controls and procedures to cost-effectively protect information systems assets from intentional or inadvertent modification, disclosure, or destruction.
• Monitors security of electronic data, applications system usage, networks, and physical environment.
• Provides guidance and direction for the physical and virtual protection of information systems assets to other functional units.
• Supports all aspects of a Program Information Assurance (IA) processes tailored to include minimum qualification standards, fundamental awareness and familiarity to demonstrated competency with specific experience in Cyber Security, Engineering, Test & Evaluation, (T&E) and/or Security Control Assessor (SCA) under a Certification & Accreditation (C&A) and/or Assessment & Authorization (A&A) process.
• The specialist is expected to evaluate security solutions to ensure they meet security requirements for processing up to classified information and supervise and/or maintain the operational security posture for an information system or program.
• More senior specialists may assist or develop system security policy and ensure compliance of change management and configuration control processes.
• Plan and coordinate the IT security program and policies supporting the command leadership mission and goals.