Information Systems Security Officer
Posting ID: JP-002660339
A leading Defense Organization is looking to add an Information Security Officer to their team!
*************Please only apply if you have an active DoD Clearance**************
Bachelor's degree in an engineering discipline or equivalent years of experience. Required - DoDI 8570 certification (e.g., GSEC, Security+, SCNP, SSCP).
Technical Skill Required:
- Active Top Secret clearance required to start
- IAM Level I DoD 8570 certification (Sec+ CE or similar)
- Security engineering skills with a working knowledge of cybersecurity technology and DoD/Federal cybersecurity policy (e.g., DoDI 8500.01, NIST SP 800-53). Understanding and utilization of Enterprise Mission Assurance Support Service (eMASS).
- Familiarity with the Risk Management Framework (RMF) Cybersecurity Lifecycle, including identifying controls and overlays; generating testable requirements; identifying resilient architecture design; configuring, running, and scripting audit tools; providing analysis of vulnerability analyses; and conducting verification testing for compliance assessment.
- Experience with Software Assurance (SwA) static and dynamic code analysis (e.g. Fortify)
- Windows and Red Hat Enterprise Linux (RHEL) system administration skills
- Previous experience working in a virtual environment.
- Previous experience working with Docker and containers
Number of Years Required: 3
- Perform assessment of systems and networks within a virtual environment and identify where those systems deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits using STIG Viewer, SCAP, etc., and active evaluations such as vulnerability assessments utilizing ACAS.
- Administer Assured Compliance Assessment Solution (ACAS) to identify missing patches
- Perform Security Technical Implementation Guide (STIG) assessments and hardening for Windows, Red Hat Enterprise Linux (RHEL) systems, and networking equipment utilizing ConfigOS
- Develop test plans reflecting how STIG checks are implemented and be able to show expected outcomes of those checks
- Update Risk Management Framework (RMF) artifact documentation to ensure system hardening non-compliance is tracked and remediated.
- Identify applicable patches through system scans and review of applicable guidance (e.g., IAVAs, IAVBs, TCNOs, vendor patches)
- Work with the core program personnel, local system administrators and network administrators, developers, test and integration, and other program personnel to coordinate application of system configurations while ensuring no lapse of mission functionality.
- Establish strict program control processes to ensure mitigation of risks and support obtaining assessment and authorization of systems. Includes support of process, analysis, coordination, control certification test, compliance documentation, as well as investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits.
- Assist in the implementation of the required government policy (i.e., NISPOM, NIST, DoD), making recommendations on process tailoring, participating in and documenting process activities.
- Perform analyses to validate established cybersecurity controls and requirements and to recommend cybersecurity safeguards.
- Support program test milestones through pre-test preparations, participating in the tests, analysis of the results, and preparation of required artifacts supporting authorization.
- Prepare artifacts such as Test Results (TR), Authorization Boundary Diagrams (ABD), Network Topologies, Flow-diagrams, Hardware and Software listings, Ports, Protocols, and Services Management documentation, supporting Assessment and Authorization activities and maintain the Plan of Actions and Milestones (POA&M).
- Periodically conduct a complete review of each program support and operational system audits and monitor corrective actions until all actions are closed.
Documentation, eMASS, policy writing, ACAS, Nessus, RMF, Risk Management Framework
Top Skills Details:
Documentation, eMASS, policy writing
Additional Skills & Qualifications:
Must have a Security+ certification or equivalent (IAT Level II); must also have an active clearance.
Actalent connects passion with purpose. Our scalable talent solutions and services capabilities drive value and results and provide the expertise to help our customers achieve more. Every day, our experts around the globe are making an impact. We’re supporting critical initiatives in engineering and sciences that advance how companies serve the world. Actalent promotes consultant care and engagement through experiences that enable continuous development. Our people are the difference. Actalent is an operating company of Allegis Group, the global leader in talent solutions.
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
Recruiter: Jean Chambers
Phone: (410) 579-3072