Information Systems Security Engineer (ISSE) / Cybersecurity SME

Company Description

Green Cell Consulting  (GCC), LLC  is a Service-Disabled Veteran-Owned Small Business (SDVOSB) founded in 2014. We provide unique and specialized training and education services, including curriculum development, classroom instruction, and exercise support services to the Department of Defense through direct contracting and subcontracting opportunities. GCC emphasizes employing professionals with the appropriate military background and credentials. The professional staff at GCC consists mostly of former military trainers and advisors with a passion for mentoring and coaching. Our employees are extraordinary purpose-driven individuals who deliver industry-leading services and create value for our stakeholders. This unique mix of military careers blended with corporate leadership has contributed to GCC’s continued growth. 

Job Description

The Information System Security Engineer (ISSE) / Cybersecurity Subject Matter Expert (SME) for Modeling and Simulation Systems is responsible to the Project Manager for the security of the local network and supervises and makes recommendations to the Project Manager on the overall cybersecurity of the project.  The ISSE / Cyber SME reports to and receives work direction from the Project Manager through the local prime contractor’s Site Lead. The ISSE for Modeling and Simulation Systems will perform the following duties: 

Essential Duties And Responsibilities 

Role: Cybersecurity SME 

• Provide cybersecurity technical and management support to the Project Team ISSEs at all Battle Simulation Centers (BSCs) and Combined Arms Staff Trainer Facilities (CASTs) on this project. 
• Provide cybersecurity oversight, direction, and guidance to each ISSE as required in support of attaining and maintaining ATOs through the RMF process.  Conduct on-site instruction and technical assistance to each BSC/CAST as required. 
• Monitor each ISSE’s Plan of Action for the implementation of patches/updates on all client, server, and system security vulnerabilities using both automated scanning tools and manual compliance checks. 
• Receive monthly cybersecurity results, activities, and projections reports from each ISSE; collate and report overall cybersecurity results, activities, and projections to the Project Manager monthly. 
• Monitor and report compliance with Marine Corps Cyber Operations Group (MCCOG) issued Marine Corps Enterprise Network (MCEN) Operational Directives (OPDRS) for all BSC/CAST IT systems, information systems, and network resources. 
• Manage the Project Team’s cybersecurity workforce (CSWF). Ensure personnel accessing information systems have the proper IA certification to perform privileged or cybersecurity functions per DoD 8570, Information Assurance Workforce Improvement Program (DoD 8140), and the SECNAV M-5239.2, Department of the Navy Information Assurance (IA) Workforce Management Manual to Support the IA Workforce Improvement Program; and USMC HQMC ECSM 024, Cybersecurity Workforce Program Management. 

Role: ISSE 

• Ensure MCAGCC BSC/CAST complies with cybersecurity policy. 
• Report MCAGCC cybersecurity results, activities, and projections monthly.  
• Implement cybersecurity solutions in compliance with the RMF, NIST, DoD, and Marine Corps policies and standards to establish or sustain ATOs for information systems and networks. 
• Provide cybersecurity oversight, direction, and guidance to the MCAGCC BSC/CAST workforce in support of maintaining ATOs through the RMF process. 
• Provide a consistent reporting environment to maintain and track IT assets and ensure systems are securely managed regardless of location by providing patch coverage across operating systems and applications for improved defense against the latest vulnerabilities. 
• Assess and manage risks associated with information technology resources. 
• Evaluate threats, risks, and vulnerabilities and develop countermeasures to ensure continuation in the event of an IT services disruption. 
• Monitor and report compliance with Marine Corps Cyber Operations Group (MCCOG) issued Marine Corps Enterprise Network (MCEN) Operational Directives (OPDRS) for all MCAGCC BSC/CAST IT systems, information systems, and network resources. 
• Maintain and update a continuous Plan of Action and Milestones (POA&M) for reporting to the ISSO on the implementation of patches/updates on all client, server, and system security vulnerabilities using both automated scanning tools and manual compliance checks. 
• Run and review vulnerability and compliance scans performed at the MCAGCC BSC/CAST on all networks and services using current DoD Assured Compliance Assessment Solution (ACAS), or other approved solution(s) as required. 
• Provide weekly reports to the prime contractor’s Site Lead and the Green Cell site 
• representative for all client, server, and network infrastructure software patches and updates, security vulnerabilities and fix actions, current security vulnerability POAMs, and action required in response to Operational Directive (OPDRS). Ensure sufficient patch management processes are implemented using available and authorized patch management solutions to minimize cybersecurity vulnerabilities and comply with Operational Directives (OpDirs) in support of day-to-day operations and training events and exercises. 
• Implement Information Assurance Vulnerability Alerts (IAVAs), OpDirs, Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), patches, and industry best practices to ensure cybersecurity compliance of BSC/CAST information, C2 and simulation systems. 
• Prepare and maintain A&A-related documentation (i.e., site inventory, software baseline, equipment lists, ports, protocols, and services management (PPSM), self-assessment/test plans, etc.), POA&Ms, security plan, vulnerability scans, Security Assessment Report (SAR), contingency plans, information assurance vulnerability management plans, cybersecurity waiver requests, cybersecurity waiver extension requests, and Federal Information Security Management Act (FISMA) related reporting requirements within Marine Corps Certification and Accreditation Support Tool (MCCAST). 
• Configure and implement Endpoint Security Solutions (ESS) policy to achieve compliance with other USMC C2 information systems (e.g., AFATDS, JADOCS, TBMCS, TCS, etc.). 
• Install, operate, maintain, and troubleshoot ESS client and server elements and modules to support day-to-day operations and training events and exercises. 
• Draft written reports to the Contract Site Lead reporting and correcting BSC/CAST cybersecurity security violations. 
• Maintain current and historical documentation of all BSC/CAST RMF Assessment and Authorization (A&A) packages. 
• Submit Marine Corps Certification and Accreditation Support Tool (MCCAST) packages as required.
• Perform additional related duties as required.

Qualifications

Education

• Bachelor’s degree or 3-5 years of equivalent IT professional experience in lieu of degree.
• Hold DoD 8570.01-M, IAT Level II or greater certification.
• Must possess or be able to obtain CompTIA CySA+ certification within six months of the hire date.
• Must possess and maintain training and certifications sufficient to be granted privileged access to Marine Corps information technology (IT) and information systems (IS) through documented completion of required training and certification.

Experience

• Documented experience and a solid understanding of DoD enterprise network policies with a strong security mindset.
• Experienced and well-versed in USMC and DoD cybersecurity compliance, instructions, policies, and regulations.

Required Knowledge, Skills, and Abilities

• Well-versed in USMC and DoD cyber security compliance, instructions, policies, and regulations.  
• Proficient in Risk Management Framework (RMF), Marine Corps Certification and Accreditation Support Tool (MCCAST), Assured Compliance Assessment Solution (ACAS), Security Technical Implementation Guides (STIGs), Security Content Automation Protocol (SCAP), DoD Endpoint Security Solution (ESS), Windows (Server and Client) and RHEL environments, Microsoft Windows Server Update Services (WSUS), 
• Proficient in Microsoft Word, Outlook, Excel, PowerPoint, Visio, Project, and SharePoint. 
• Documented experience and solid understanding of DoD enterprise network policies with a strong security mindset. 
• Excellent interpersonal and communication skills with the ability to interact with others and senior management. 
• Able to read, write, and communicate effectively in English.  
• Strong analytical and problem-solving skills. 
• Excellent organizational, planning, and prioritization skills. 
• Successful experience as a project team member. 

Additional Information

• Ability to obtain or have a security clearance
• Requires 0% - 5% travel
• Daily travel in the local area during the workday (including the use of a personal vehicle)
• Extended work days and weekend work may be required. Must be able to work an unstable schedule, including holidays and weekends, to support exercises. 
• Ability to work from a remote location
• Required to sit or stand for extended periods of time and maintain focus.
• May be required to lift, carry, and move computers and associated equipment.
• Skillbridge Internships will be considered.
• Start Date: June - July 2024
• Required to perform work in connection with a covered contract and, therefore, must comply with Safer Federal Workforce standards
• This position description outlines the general responsibilities and requirements for the stated position and in no way is an exhaustive list. The company maintains the right to assign or reassign responsibilities to this position at any time.

Green Cell is a Drug-Free Workplace and Equal Opportunity/Affirmative Action Employer. All hiring decisions are based on nondiscriminatory factors without regard to race, color, gender, religion, national origin, disability, genetic information, or status as a disabled veteran or other protected veteran, or any other class protected by law. In addition, Green Cell engages in affirmative action efforts, where appropriate, to employ, train, and promote qualified minorities, women, the disabled, disabled veterans, newly separated veterans, or other protected veterans. This organization participates in E-Verify. If you require assistance applying for any currently open online position, please contact a Green Cell representative.  All your information will be kept confidential according to EEO guidelines.