Information Systems Security Officer

Location
Manassas, Virginia
Posted
Feb 26, 2019
Closes
Apr 02, 2019
Ref
2150
Function
IT, Security Engineer
Hours
Full Time

The Information System Security Officer (ISSO) shall be responsible for maintaining a network of secured systems. The candidate should have a working knowledge  of the Risk Management Framework (RMF) and Security Technical Implementation Guides (STIGs) and associated systems (eMASS/OBMS).

 

This position develops and implements security plans and implement processes resulting in accredited hardware and software.

 

Typical duties include:

 

·         Developing and maintaining Risk Management Framework (RMF) artifacts, including POA&M development and review.

 

·         Conducting risk assessments and risk mitigation analyses and developing contingency plans.

 

·         Analyzing the documentation, validation, and accreditation processes necessary to ensure compliance to security and privacy requirements.

 

·         Maintain security posture of the local area network (LAN) and wide area network (WAN) including integrating and connecting to external customer systems and required supporting documentation.

 

·         Direct interaction with federal government stakeholders and accrediting authorities.

 

·         Defining, analyzing and reviewing hardware and software requirements to meet defined and anticipated customer needs, system quality, and performance standards.

 

·         Communicate security requirements to stakeholders and respond to questions/comments.

 

·         Provide guidance and training to Program Management Offices in need of accredited HW, SW, & Services.

 

·         Support other related duties as needs and circumstances dictate

 

Required Qualifications and Experience:

 

·         B.S. in an applicable engineering or science field, Master's degree preferred

 

·         5+ years of experience with operational information technology environments, including 3+ years in a DoD environment (including JWICS/SIPRNET/NIPRNET networks)

 

·         5+ years of experience with system and network vulnerability analysis, risk assessment and risk mitigation analysis, security test and evaluation (ST&E), contingency planning, firewall policy, ports, and protocols

 

·         Network design and implementation including IP addressing, firewall configuration, and multi-level security devices and systems

 

·         Demonstrated proficiency in developing and implementing a Cybersecurity plan for a new operational system resulting in an ATO and/or ATC

 

·         Knowledge of the DoD Authorization and Accreditation (A&A) process and standards as implemented in the NIST Risk Management Framework (RMF)

 

·         Certifications equivalent to IAT Level II, including Security+ CE or above, or equivalent

 

·         Current Active SECRET, Eligible for TS/SCI

 

Physical Requirements:

 

Must be willing to travel 10% of the time.

 

Must be able to lift and move computing and communications equipment weighing up to 40 lbs.

 

Shift Requirements: 

 

Some after hours /weekend work may be necessary to support priority time sensitive initiatives or computer security incident response activities.

 

Aurora Flight Sciences is an Equal Opportunity Employer