VNC Senior Cyber Security ISSO

About The Position

Requirements

• Minimum of 12 years with BS/BA; Minimum of 10 years with MS/MA; Minimum of 7 years with Ph.D. 16 years with HS diploma
• Must have active Secret Clearance
• Must be US citizen
• Current active IAT/IAM III certification (CISSP or CISM) with related Computing Environment (CE) certifications to comply with DoD 8570 and DoD 8140.03 requirements
• Experience in RMF or similar government IT certification and accreditation processes

Nice To Haves

• Experience working within Military Health environments (preferred)
• Familiarity with ServiceNow (MHSSHD) ITSM ticketing system (preferred)

Responsibilities

• Provides subject matter expertise to the Information Systems Security Manager (ISSM), Program Management Leadership, and technical teams developing/sustaining systems ensuring compliance with NIST and DoD Instruction 8500.01, Cybersecurity
• Leads Assessment and Authorization (A&A) activities under the Risk Management Framework (RMF) for VoIP, VTC, and IP surveillance systems.
• Manage and sustain the Risk Management Framework (RMF) package(s) in order to maintain an Authority to Operate (ATO) including ensuring the established security control baseline, control statements, and supporting evidence have been entered or uploaded into the Enterprise Mission Assurance Support Service (eMASS)
• Review security controls, security technical implementation guides (STIGs), vulnerability scans, engineering change proposals, evaluate the impacts to cybersecurity posture, and the effectiveness of proposed solutions
• Create and manage the systems profile in the Assured Compliance Assessment Solution (ACAS) tool, ensuring that monthly vulnerability scan results are uploaded
• On a weekly basis, run ACAS compliance scans, analyze, and identify compliance strategies Coordinate duties with the System Administrators and/or Information Technology (IT) staff to ensure all configuration requirements are implemented and functional
• Manage the cybersecurity Plans of Action and Milestones (POA&Ms), coordinating with government and contractor teams in formulating, creating, and tracking security POA&Ms
• Conduct technical and nontechnical reviews and audits as prescribed by the ISSM
• Conduct IA security education training for all VNC team members on appropriate risk mitigation strategies
• Monitor, manage, and report as required DoD 8570 and DoD 8140.03 compliance for appropriate VNC personnel
• Review and approve as the Information Assurance Officer (IAO), DD Form 2875 - System Authorization Access Request (SAAR) for assigned systems and enclaves
• Implement and monitor specialized security controls (NIST SP 800-53) for voice and video media, such as SRTP (Secure Real-time Transport Protocol), SIP TLS, and endpoint hardened configurations
• Apply and audit Security Technical Implementation Guides (STIGs) for IP telephony, videoconferencing bridges, and network devices
• Perform vulnerability assessments using tools like ACAS, SCAP, and Nessus on telephony/video endpoints and infrastructure, managing POAMs (Plan of Action and Milestones)
• Evaluate video networking architecture for potential security gaps, such as unauthorized access to call managers, weak encryption, or unpatched endpoints.
• Lead incident response efforts for communication breaches, such as toll fraud, eavesdropping, or video conferencing hijacking.
• Maintain system authorization packages, including System Security Plans (SSPs), Contingency Plans, and Incident Response Plans.

Benefits

• Employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.