Information Systems Security Officer

Manassas, Virginia
Feb 26, 2019
Apr 02, 2019
IT, Security Engineer
Full Time

The Information System Security Officer (ISSO) shall be responsible for maintaining a network of secured systems. The candidate should have a working knowledge  of the Risk Management Framework (RMF) and Security Technical Implementation Guides (STIGs) and associated systems (eMASS/OBMS).


This position develops and implements security plans and implement processes resulting in accredited hardware and software.


Typical duties include:


·         Developing and maintaining Risk Management Framework (RMF) artifacts, including POA&M development and review.


·         Conducting risk assessments and risk mitigation analyses and developing contingency plans.


·         Analyzing the documentation, validation, and accreditation processes necessary to ensure compliance to security and privacy requirements.


·         Maintain security posture of the local area network (LAN) and wide area network (WAN) including integrating and connecting to external customer systems and required supporting documentation.


·         Direct interaction with federal government stakeholders and accrediting authorities.


·         Defining, analyzing and reviewing hardware and software requirements to meet defined and anticipated customer needs, system quality, and performance standards.


·         Communicate security requirements to stakeholders and respond to questions/comments.


·         Provide guidance and training to Program Management Offices in need of accredited HW, SW, & Services.


·         Support other related duties as needs and circumstances dictate


Required Qualifications and Experience:


·         B.S. in an applicable engineering or science field, Master's degree preferred


·         5+ years of experience with operational information technology environments, including 3+ years in a DoD environment (including JWICS/SIPRNET/NIPRNET networks)


·         5+ years of experience with system and network vulnerability analysis, risk assessment and risk mitigation analysis, security test and evaluation (ST&E), contingency planning, firewall policy, ports, and protocols


·         Network design and implementation including IP addressing, firewall configuration, and multi-level security devices and systems


·         Demonstrated proficiency in developing and implementing a Cybersecurity plan for a new operational system resulting in an ATO and/or ATC


·         Knowledge of the DoD Authorization and Accreditation (A&A) process and standards as implemented in the NIST Risk Management Framework (RMF)


·         Certifications equivalent to IAT Level II, including Security+ CE or above, or equivalent


·         Current Active SECRET, Eligible for TS/SCI


Physical Requirements:


Must be willing to travel 10% of the time.


Must be able to lift and move computing and communications equipment weighing up to 40 lbs.


Shift Requirements: 


Some after hours /weekend work may be necessary to support priority time sensitive initiatives or computer security incident response activities.


Aurora Flight Sciences is an Equal Opportunity Employer