Information Systems Security Officer

Aberdeen Proving Ground, Maryland, United States

Applications have closed

OMNI Technologies


Location: Aberdeen Proving Ground, Maryland, United States

Job Title: Information Systems Security Officer (ISSO)

Primary Location: USA – Aberdeen Proving Ground, MD

Security Clearance: TS/SCI with CI Polygraph Required

Schedule: Full-time

Job Type: Regular

Travel: This position may require up to 25-50% or more travel

 

Basic Qualifications:

An individual must meet the following criteria to be considered:

  • U.S. Citizen
  • Pass a background investigation
  • Possess a TS/SCI with CI Polygraph security clearance
  • Meet education/experience requirements
  • Proof of vaccination status or negative COVID test results may be required for access to certain facilities
  • Possess DoD 8570 compliant security certifications to meet IAT requirements (Security+, etc.)

 

Job Highlights:

Join OMNI Technologies’ Information System Security Engineering team to help architect and engineer systems that utilize existing and emerging technologies.  In this role, you will perform the tasks in coordination with government personnel to provide the cybersecurity support services and solutions necessary to build, integrate, enhance, improve, modernize, implement, test, analyze, assess, sustain, and maintain the cybersecurity posture and capabilities.

 

General Required Skills:

  • Demonstrated experience and familiarity with DoD and Army Cybersecurity Policies and Regulations and the Certification and Accreditation (C&A) process, including the provisions of ICD 503, the planning and execution of Security Test and Evaluation (STE), and Cybersecurity Test and Evaluation (CTE) events
  • Advanced experience with SELinux, Linux, and Windows server systems
  • Understanding of networking fundamentals and network protocols, like TCP/IP, SSH, SFTP, HTTP, and SCP
  • Experience with Cross Domain Systems
  • Experience with DIACAP, RMF, ICD 503, CNSSI 1253 and NIST Special Publications
  • Experience with the DoD Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs), and industry best practices for various applications
  • Experience with Assured Compliance Assessment Solution (ACAS) and Host Based Security Suite (HBSS) applications
  • Knowledge and understanding of cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity 
  • Knowledge of computer networking concepts and protocols, and network security methodologies. 
  • Knowledge of cyber threats and vulnerabilities. 
  • Knowledge of cybersecurity principles. 
  • Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. 
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 
  • Knowledge of specific operational impacts of cybersecurity lapses. 

 

ISSO Key Job Functions:

OMNI Technologies’ Cybersecurity Engineering team seeks an experienced Information Systems Security Officer to provide technical expertise with engineering and supporting Accreditation & Authorization (A&A) efforts. In this role, you will:

  • Perform all ISSO duties and responsibilities in DODI 8500.01, DODI 8510.01, and AR 25–2.
  • Responsible for ensuring the appropriate operational security posture is maintained for the information system (IS) on multiple security domains and classifications to meet Intelligence Community (IC), DoD and Army cybersecurity/information assurance regulations and policies. This includes providing guidance and oversight to vendors.
  • Direct experience with implementation of Intelligence Community (IC), DoD and Army regulations (such as DOD-I-8500, DOD-I-8510, ICD 503, NIST 800-53, CNSSI 1253, Army AR 25-2) and RMF security control requirements, and able to provide technical direction, interpretation, and alternatives for security control compliance.
  • Prepare and maintain Risk Management Framework (RMF) system accreditation Body of Evidence (BOE) packages using eMASS, XACTA or another approved A&A tool, to include System Security Plans, Risk Assessment Reports, System Requirements Traceability Matrices (SCTM), and other documentation as required by ICD 503, NIST 800-53, CNSSI 1254 and any additional documentation as determined by the Authorizing Official (AO). Direct experience with eMASS, XACTA or other A&A repositories required.
  • Develops, reviews, evaluates, and verifies self-testing results to validate that enclave security requirements (in accordance with applicable Intelligence Community, DoD and Army cybersecurity and Information Assurance (IA) regulations, policies, and organizational security policies) in Information Systems (ISs) are met. ISs include Cross Domain Solution Suites (CDSS), Cloud, On-Prem, Tactical, etc., within the program’s portfolio.
  • Ensure Army IS cybersecurity-related documentation is current and accessible to properly authorized individuals. Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
  • Support various information assurance programs such as security authorization activities in compliance with Risk Management Framework (RMF) policies and procedures to include: System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM) 
  • Maintains operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed 
  • Performs vulnerability/risk assessment analysis to support Assessment & Authorization (A&A) 
  • Provides configuration management (CM) for information system security software, hardware, and firmware 
  • Characterize and analyze network traffic to identify anomalous activity and potential threat to network resources 
  • Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to acceptable security levels 
  • Maintain operational security posture for an information system or program 
  • Apply a full range of cybersecurity policies, principles, and techniques to maintain security integrity of information systems processing classified information 
  • Perform cyber defense trend analysis and reporting 
  • Conducting vulnerability scans and recognizing vulnerabilities in security systems 
  • Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk 
  • Resolve computer security incidents and vulnerability compliance 
  • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan 
  • Provide Configuration Management (CM) for security-relevant information system software, hardware, and firmware; Perform risk analysis whenever an application or system undergoes a major change 
  • Provide input to the Risk Management Framework (RMF) process activities and related documentation  
  • Ensure that Plans of Actions and Milestones or remediation plans are in place for vulnerabilities identified during risk assessment 

 

ISSO – Senior I

The Senior Level ISSO shall be able to perform ISSO Key Job Functions and the following specific functions:

  • Perform validation steps, comparing actual results with expected results and analyze the differences to identify impact and risks and resolve issues prior to formal Security Test events or Site-Based Security Assessments (SBSA).
  • Proficient in primary operating system(s) of ISs undergoing security testing (example CDSS based on Linux, individual must be proficient in Linux).
  • Technical experience and certification in one or more of the following areas: Windows environments, Linux, networking, containers/virtualization, DevSecOps, or database administration
  • Familiar with NCDSMO (National Cross Domain Services Management Office), TSABI (Top Secret SCI and Below Interoperability) and SABI (Secret and Below Interoperability) information assurance/cybersecurity requirements.
  • Provide over the shoulder training to personnel on the function of the systems and critical cyber areas such as audit, backup, and recovery, etc.
  • Must be willing to travel, 50% or more.

 

ISSO – Senior II

The Senior Level ISSO shall be able to perform ISSO Key Job Functions and the following specific functions:

  • Lead the evaluation of cyber security risks (external & internal threats, platform & application vulnerabilities, data protection, etc.), testing controls designed to mitigate risk, communicating issues and findings to management, devising solutions for business improvements, and following up on corrective actions. May participate on and lead professional teams to execute technical audit projects focused on evaluating the effectiveness of cyber security governance, tools and operations. May evaluate the design, effectiveness and efficiency of information technology and security processes, procedures, and technical controls, including solution implementations, and identify and address systemic gaps in cyber security risk management.
  • Ensure the appropriate organizational operational security posture is maintained for the assigned Army IS.
  • Review and evaluate the effects on security of system changes, including interfaces with other ISs, and document all changes. Develop and review necessary change management processes and artifacts to support updates to system A&As.
  • Fully understand DISA Ports, Protocols, and Services Management (PPSM) requirements and be able to obtain a PPSM account for management of PPSM for supporting systems.
  • Must be willing to travel, as needed, 25% or more.

 

ISSO – Mid

The Mid-Level ISSO shall be able to perform ISSO Key Job Functions and the following specific functions:

  • Ensure the appropriate organizational operational security posture is maintained for the assigned Army IS.
  • Maintain organizational situational awareness and initiate actions to improve or restore cybersecurity posture of assigned IS.
  • Implement and enforce assigned Army IS cybersecurity policies and procedures, as defined by cybersecurity-related documentation.
  • Relevant experience must be in computer or information systems design/development and with information assurance and accreditation processes (e.g., System Security Plans, Risk Assessment Reports, Certification and Accreditation Packages, and System Requirements Traceability Matrices).
  • Review unit or product vendor RMF BOE and provide guidance and oversight.
  • Fully understand DISA Ports, Protocols, and Services Management (PPSM) requirements and be able to obtain a PPSM account for management of PPSM for supporting systems.
  • Must be willing to travel, as needed, 25% and more.

 

Experience Tier/Level

Senior I

  • Years of experience: Eight (8) or more
  • Education: MS in Computer Science or a related field (e.g., General Engineering, Computer Engineering, Electrical Engineering, Systems Engineering, Cyber Security, Information Technology, Information Security, and Information Systems)  – Degree can be substituted with Bachelor’s degree in related field and 10 years of relevant experience.
  • Certifications: IAT III, DoD Approved Information Assurance (IA) baseline certification, DoD Approved Computing Environment/Operating System (CE/OS), if privilege accounts required (Experience cannot be used as a substitute for DoD 8570/8140 requirements)

Senior II

  • Years of experience: Ten (10) or more
  • Education: MS in Computer Science or a related field (e.g., General Engineering, Computer Engineering, Electrical Engineering, Systems Engineering, Cyber Security, Information Technology, Information Security, and Information Systems)  – Degree can be substituted with Bachelor’s degree in related field and 15 years of relevant experience.
  • Certifications: IAM III, DoD Approved Information Assurance (IA) baseline certification, DoD Approved Computing Environment/Operating System (CE/OS), if privilege accounts required (Experience cannot be used as a substitute for DoD 8570/8140 requirements)

Mid-Level

  • Years of experience: Five (5) or more
  • Education: MS in Computer Science or a related field (e.g., General Engineering, Computer Engineering, Electrical Engineering, Systems Engineering, Cyber Security, Information Technology, Information Security, and Information Systems) – Degree can be substituted with Bachelor’s degree in related field and 7 years of relevant experience.
  • Certification: IAM II, DoD Approved Information Assurance (IA) baseline certification, DoD Approved Computing Environment/Operating System (CE/OS), if privilege accounts required (Experience cannot be used as a substitute for DoD 8570/8140 requirements)

 

Benefits

  • Competitive Salary
  • Comprehensive medical coverage
  • Dental, Vision, STD/LTD, and Life Insurance Coverage
  • 401(k) Retirement Plan – 4% Employer match of employee contribution
  • Paid Time Off (PTO)
  • Holidays - All employees are given six (6) paid days off and four (5) floating holidays in observance of the U.S. federal holidays
  • Health Reimbursement Arrangement (HRA) - 100% funded ($6,500 individual/ $13,000 family)
  • Employee Referral Program - Employee referral bonus is paid for eligible candidates after 90 days of employment
  • Education Assistance & Continuing Education Program - Employees can use up to $5,000 annually toward continuing education, certifications, training, and conference attendance
  • Community Outreach - Employees that volunteer 40 (or more) hours a year to community service or OMNI Community Outreach events receive a cash bonus

 
