As an ISSO on our program, you'll detect, evaluate, and document the security configuration of developmental and operational tools and security impacts, and make improvement recommendations. Coordinate work with in-house teams, subcontractors, and vendors to identify the right mix of tools and techniques to translate your customers' IT needs and future goals into a plan that will enable secure and effective solutions.
As an ISSO on our team, you'll advise the client, leading the discovery of their cyber risks, understanding applicable policies, and developing a mitigation plan. You'll oversee the analysis of technical, environmental, and personnel details from technical subject matter experts and engineers as your team reviews the entire threat landscape. Then, you'll guide your client through a plan of action with presentations, whitepapers, and milestones. Your client will rely on you to translate security concepts, so they can make the best decisions to secure their mission-critical systems.
Requirements
3+ years of experience as an Information System Security Officer (ISSO) or Information System Security Analyst (ISSA)
Experience conducting tools assessments and configuration analysis against best practices, vendor specifications, and government security guidelines and requirements
Experience with the implementation, oversight, and maintenance of the security configuration, practices, and procedures for systems
Experience with implementing controls from NIST 800-53, FedRAMP, ICD 503, RMF, and DoD Information Levels, including applying them to the design and implementation of information technology solutions to achieve an authorization to operate (ATO)
Experience with eMASS or Xacta IA Manager
Ability to perform risk analysis
Active TS/SCI clearance; willingness to take a polygraph exam
Associate's degree and 5+ years of experience supporting IT projects and activities, Bachelor's degree and 3+ years of experience supporting IT projects and activities, or Master's degree and 1+ years of experience supporting IT projects and activities
DoD 8570 IAT Level II Certification, including CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, or SSCP Certification
Must obtain a DoD 8570.01-M CSSP Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND certification prior to start date on the contract
Additional Qualifications:
Experience with DoD security technical implementation guides (STIGs), checklists, and testing tools, including STIG Viewer, SCAP, and ACAS scanning tool
Experience assessing configuration changes, such as new COTS tools or web application upgrades, to system security boundary
Experience drafting tool implementation CONOPS and reviewing tool or capabilities topologies, CONOPS, and vulnerability scans to assess risk
Experience with cyber-related tools such as Ansible, Terraform, Splunk, or STIG Viewer
Knowledge of cloud-native security tools, including HBSS
Knowledge of Zero Trust principles and concepts
Ability to plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks
Ability to work within a collaborative team and a fast-paced dynamic environment
Possession of excellent written, organizational, presentation, and verbal communication skills
AWS, Azure, or GCP Certification
