Get more qualified candidates and reduce your costs with our guaranteed recruiting solutions

Talk to an expert today

1578 - Information System Security Officer

Springfield or Chantilly, Virginia
Top Secret

OVERVIEW:

Our customer requires assistance in establishing a robust enterprise-wide Privileged Access Management architecture across 3 networks to ensure 2-factor authentication requirements are met for its privileged users. A successful candidate will serve as the Information System Security Officer. The position requires a deep understanding of the ICD-503 RMF framework with the expectation to support system administration duties as required. This drives a requirement for deep understanding of the overall system, its COTS, and underlying Operating Systems in order to be able to perform both system administration, operations leadership, and A&A duties. This position will have the ability to sit either in the Springfield or Chantilly location.

GENERAL DUTIES:

  • Coordinate and maintain at least 9 SPIDs, following all ConMon processes and possibly more for other contracts
  • As required by Bana Solutions, coordinate and maintain the SPID of other Bana Solutions systems
  • POA&M status and coordination, to include dates to complete, status, and POA&M Verification Reports (PVRs)
  • Provide leadership to the project/program team in determining client requirements and translating requirements into operational plans
  • Participate in team problem solving efforts and offer ideas to solve client issues
  • Providing leadership in project/program requirements, scope, and change management issues
  • Identify opportunities for efficiencies in work processes and innovative approaches to completing scope of work
  • Maintain responsibility for completion and accuracy of work products
  • Review and update security documentation such as that listed below to meet ICD 503, CNSSI 1253, NIST SP 800-37 and other applicable federal requirements:
  • System Security Plans
  • Security Controls Traceability Matrix (SCTM)
  • CONOPS/SECONOPS
  • Risk Assessment Reports
  • Plan of Action and Milestones (POA&Ms)
  • Interconnection Agreements
  • Risk Assessment Reports
  • Contingency Plans
  • Security Assessment Reports
  • Review policies and procedures as required for various security controls identified in the Security Controls Traceability Matrix (SCTM)
  • Conduct reviews and validations of system configurations in accordance with applicable guidelines (i.e. customer, DISA STIGS and CIS Benchmarks).
  • Work with program and stakeholder to gather and define requirements for the evolution and growth of the PAM architecture.
  • Perform system administration duties on the PAM platform, to include among other things:
  • Windows Server 2016
  • Red Hat Enterprise Linux
  • Identify risks by role, software, information type, and other categories and define acceptable and mitigation strategies. Oversee training, policies, and practices, including audits, to ensure systems are securely operated. Document and communicate policies, queries, vulnerabilities, and current state of the system. Assist with regulatory and data transfer procedures. Implement and monitor information security requirements, policies, and compliance
  • Operational Analytics
  • Maintain and operate the analytics stack on SBU and SCI to ingest and display metrics across:
  • Shield usage, to include logins, PSM connections, Password shows, etc. and trends over time
  • Ops Tracker data, namely user issues, and trends over time
  • Shield system health script database data and trends over time
  • IAVA scan results and trends over time
  • STIG scan results and trends over time
  • POA&M report results and trends over time

REQUIRED QUALIFICATIONS:

  • BS degree and 5 years of prior relevant experience
  • Minimum of 5 years’ hands-on experience on DOD projects in a cybersecurity role.
  • 2 years of experience in performing as an ISSO on DOD projects
  • Experience with network and network security assessments and documenting the results using NIST SP 800-53A, completing security plans and recommending Security Controls for Federal Information Systems
  • Documenting recommendations to correct security weaknesses resulting from security assessments and tracking implementation of corrective actions
  • Developing network and network security policies and system security documentation and procedures
  • Strong communication skills, both verbal and written
  • Ability to quickly learn new software and IT concepts
  • ICD-503 and NIST 800-53 security controls
  • Proficiency in ACAS/NESSUS, SCAP
  • Experience with the DoD Information Assurance Vulnerability Management (IAVM) Program

DESIRED QUALIFICATIONS:

  • Strong  collaboration skills
  • Ability to quickly learn new software and IT concepts
  • Able to make decisions and progress with ambiguous information and imperfect knowledge
  • Strong sense of ownership, urgency and drive

CLEARANCE:

  • Top Secret/SCI