Description:
Envisioneering, Inc. is seeking an Information Systems Security Officer (ISSO) to support an active government contract. This position will be responsible for the following:
Lead the RMF process for assigned programs, organizations, systems, or enclaves.
- Maintain and report system’s A&A status and events.
- Manage the SP for assigned systems throughout their lifecycle.
- Perform annual security reviews, annual testing of security controls, and annual testing of the contingency plan, in line with FISMA requirements.
- Manage POA&M entries and ensuring vulnerabilities are properly tracked, mitigated, and resolved.
- Assist with identification of the security control baseline set and any applicable overlays.
- Supervise the validation of security controls with the PM/ISO, SCA Liaison, PSO, and AO CSA.
- Assemble the Security Authorization Package and submit for adjudication.
- Register and maintain the system in eMASS.
- Assess the quality of security control implementation against all requirements in accordance with the approved SLCM strategy.
- Plan and perform cybersecurity testing to assess security controls and recording security control compliance status during sustainment.
- Report changes in the security posture of systems to the AO.
- Utilize the Collaboration Board in eMASS workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary).
- Assist the ISSMs in executing their duties and responsibilities.
- Ensure compliance with all USN, DON, and DoD cybersecurity policies.
- Ensure all users possess the requisite security clearances and awareness of their responsibilities for systems under their purview prior to being granted access.
- Utilize the Collaboration Board in the eMASS workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary).
Assist the ISSE with the following responsibilities:
- Oversee the development and maintenance of a system’s cybersecurity solutions.
- Identify AO and SCA cognizance (i.e. FAO or NAO, and FSCA or SCA) of the system well as any specific authorization requirements such as reciprocity, cross domain, and overlays to support System Categorization.
- Identify mission criticality.
- Identify and tailor the security control baseline with applicable overlays.
- Assist with development, maintenance, and tracking of the SP.
- Lead the security control implementation and testing efforts.
- Perform vulnerability-level risk assessment on the POA&M/RISK Assessment Worksheet.
- Assist with any security testing required as part of A&A or annual reviews.
- Assist in the mitigation and closure of open vulnerabilities under the system’s change control process.
- Oversee cybersecurity testing to assess security controls and recording security control compliance status during the continuous monitoring phase of the lifecycle.
- Make data entries into the eMASS record and POA&M consistent with implementation results.
- Utilize the Collaboration Board in the eMASS workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary).
MINIMUM SKILLS / QUALIFICATIONS:
- Must have and maintain a DoD Top Secret Clearance.
- 15+ years of technical and managerial experience in system administration and information security/cybersecurity.
- CISSP, CISM, or other DOD 8570.01-M IAM Level 3 certification.
- Bachelor’s degree with a concentration in a related discipline (e.g., information security, cybersecurity, information technology)
- Self-motivated and the ability to multi-task and balance multiple goals and priorities.
- Must be familiar with DOD Risk Management Framework (RMF) policies, standards, procedures and have relevant experience with associated tools (e.g., eMASS, XACTA 360, Assured Compliance Assessment Solution (ACAS), Anchore, DISA Security Technical Implementation Guides (STIGs), SCAP Compliance Checker (SCC), STIG Viewer, eMASSter, Eval STIG).