Information System Security Officer (ISSO)
Boulder, Colorado, United States
SciTec
The world brings problems; SciTec builds solutions. Our team is committed to delivering cutting-edge advancements for defense, security, and civil affairs.SciTec, Inc. is a dynamic small business which delivers advanced sensor processing technologies and scientific instrumentation capabilities in support of national security and defense applications. We support customers throughout the Department of Defense and U.S. Government in building innovative new tools to deliver unique, world-class data exploitation capabilities.
SciTec has an immediate opportunity for a talented Information Systems Security Manager (ISSM) in our Boulder, CO office. The ISSM will be responsible the accreditation and administration of a secure computing environment, both leading the implementation of technical security controls and spearheading coordination with accrediting and assessing agencies. The ISSM will need to work well in a team environment with a commitment to ensure security awareness and techniques are communicated effectively across the workforce. SciTec is searching for a candidate who will thrive in an environment where they are both expected to take the initiative to solve problems and empowered to see problems through to their conclusion.
Requirements
Duties:
- Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each information system
- Provide liaison support between the ISSM, system administrators, and system users
- Ensure that selected security controls are implemented and operating as intended during all phases of the information system lifecycle
- Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis
- Conduct required information system vulnerability scans according to risk assessment parameters.
- Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
- Coordinate system owner concurrence for correction or mitigation actions
- Monitor security controls for information systems to maintain security Authorized to Operate (ATO)
- Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application (eMASS) to support security control implementation during the monitoring phase
- Ensure that changes to an information system, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and information system Security Manager (ISSM)
- Ensure the removal and retirement of information systems being decommissioned in coordination with the system owner and ISSM
- At least one year serving as an Information Systems Security Officer (ISSO) at a cleared facility.
- Familiarity with the use and operation of security tools including SCAP, OpenRMF, Tenable Nessus or similar applications.
- The ISSO will apply broad technical, operational, and policy expertise in the management of all aspects of operational Information System Security and Computer Network Defense.
- Is technical lead for the Risk Management Framework (RMF) package creation and compliance
- Contribute to Cybersecurity Maturity Model Certification (CMMC) efforts on the unclassified network.
- Performs other related duties and assignments as required.
Requirements:
- Must be a U.S. Citizen.
- Must have at least a high school diploma.
- Hold an active Secret, or higher, US government security clearance.
- Have at least two years of systems administration experience.
- Must have experience with Windows/Linux based troubleshooting; understand where to locate specific log files for forensics.
- Understanding and practical application with one or more of DoD policies and directives, NIST standards, RMF controls, JSIG, and/or CMMC
- Experience with certifying compliance of various operating systems.
- Ability to evaluate effectiveness, suitability, survivability and interoperability of systems, relating to Cybersecurity and provide key feedback to improve the overall Cybersecurity posture
- Ability to research and develop solutions to emerging cyber threats.
- Proficient with Microsoft Word, Microsoft Excel, OneDrive
- Self-starter with ability to work independently
- Ability to understand, explain, interpret, and apply rules, regulations, directives, and procedures
- Have a deep understanding of computer operating systems, hardware, and software
Preferred experience, skills, and abilities
- Have an active Top Secret security clearance or recently active clearance within 24 months
- Possess a current DoD 8570 certification (Security+, CISSP, etc.)
- Four-year degree in Information Technology, Cybersecurity, Computer Science or related field
- Python, PHP, Perl, PowerShell, or Bash scripting experience.
- Experience working with the ELK stack.
- Experience administering the system functions including security policies and account management of Microsoft Windows and Server as well as Linux/Unix-based systems.
- Have experience with VMware or other virtualization software.
- Experience with Azure, AWS, or similar cloud environments
- Have experience working in or directly supporting the DoD or other U.S. government entities
- Incident handling experience
Benefits
As a small business, SciTec, Inc. offers room for growth and a flexible, fast-paced work environment. We work daily to develop one-of-a-kind solutions for challenging national problems. SciTec encourages collaboration across our offices in Boulder, El Segundo, Dayton, Huntsville, Virginia, and our headquarters in Princeton, and provides access to opportunities across the corporate spectrum. Initiative is expected and encouraged, all employees have the opportunity and flexibility to broaden their technical horizons, and our daily work makes an impact on the world around us. SciTec offers a highly competitive salary and benefits package, including a variety of benefits including health insurance, parental leave, vision, life, and disability insurance, 401(k)plan with employer contribution, holidays and paid time off plans (including vacation and sick time), an annual profit-sharing plan, and an annual performance bonus plan. The salary range for this position is $87,000 to $20,000; however, SciTec considers several factors when extending an offer of employment, including but not limited to, the role and associated responsibilities, a candidate’s work experience, education/training, and key skills. This is not a guarantee of compensation. SciTec is committed to hiring and retaining a diverse workforce and is proud to be an Equal Opportunity/Affirmative Action employer.
Tags: AWS Azure Bash CISSP Clearance Cloud CMMC Compliance Computer Science DoD DoDD 8570 ELK Forensics Governance Linux Log files Monitoring Nessus NIST Perl PHP PowerShell Python Risk assessment Risk management SCAP Scripting Security Clearance Top Secret UNIX VMware Vulnerabilities Vulnerability scans Windows
Perks/benefits: Competitive pay Flex hours Flex vacation Health care Insurance Parental leave Salary bonus
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs