Information System Security Officer (ISSO)

SciTec, Inc. is a dynamic small business which delivers advanced sensor processing technologies and scientific instrumentation capabilities in support of national security and defense applications. We support customers throughout the Department of Defense and U.S. Government in building innovative new tools to deliver unique, world-class data exploitation capabilities.

SciTec has an immediate opportunity for a talented Information Systems Security Manager (ISSM) in our Boulder, CO office. The ISSM will be responsible the accreditation and administration of a secure computing environment, both leading the implementation of technical security controls and spearheading coordination with accrediting and assessing agencies. The ISSM will need to work well in a team environment with a commitment to ensure security awareness and techniques are communicated effectively across the workforce. SciTec is searching for a candidate who will thrive in an environment where they are both expected to take the initiative to solve problems and empowered to see problems through to their conclusion.

Requirements

Duties:

• Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each information system
• Provide liaison support between the ISSM, system administrators, and system users
• Ensure that selected security controls are implemented and operating as intended during all phases of the information system lifecycle
• Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis
• Conduct required information system vulnerability scans according to risk assessment parameters.
• Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
• Coordinate system owner concurrence for correction or mitigation actions
• Monitor security controls for information systems to maintain security Authorized to Operate (ATO)
• Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application (eMASS) to support security control implementation during the monitoring phase
• Ensure that changes to an information system, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and information system Security Manager (ISSM)
• Ensure the removal and retirement of information systems being decommissioned in coordination with the system owner and ISSM
• At least one year serving as an Information Systems Security Officer (ISSO) at a cleared facility.
• Familiarity with the use and operation of security tools including SCAP, OpenRMF, Tenable Nessus or similar applications.

• The ISSO will apply broad technical, operational, and policy expertise in the management of all aspects of operational Information System Security and Computer Network Defense.
• Is technical lead for the Risk Management Framework (RMF) package creation and compliance
• Contribute to Cybersecurity Maturity Model Certification (CMMC) efforts on the unclassified network.
• Performs other related duties and assignments as required.

Requirements:

• Must be a U.S. Citizen.
• Must have at least a high school diploma.
• Hold an active Secret, or higher, US government security clearance.

• Have at least two years of systems administration experience.
• Must have experience with Windows/Linux based troubleshooting; understand where to locate specific log files for forensics.
• Understanding and practical application with one or more of DoD policies and directives, NIST standards, RMF controls, JSIG, and/or CMMC
• Experience with certifying compliance of various operating systems.
• Ability to evaluate effectiveness, suitability, survivability and interoperability of systems, relating to Cybersecurity and provide key feedback to improve the overall Cybersecurity posture
• Ability to research and develop solutions to emerging cyber threats.
• Proficient with Microsoft Word, Microsoft Excel, OneDrive
• Self-starter with ability to work independently
• Ability to understand, explain, interpret, and apply rules, regulations, directives, and procedures
• Have a deep understanding of computer operating systems, hardware, and software

Preferred experience, skills, and abilities

• Have an active Top Secret security clearance or recently active clearance within 24 months
• Possess a current DoD 8570 certification (Security+, CISSP, etc.)
• Four-year degree in Information Technology, Cybersecurity, Computer Science or related field
• Python, PHP, Perl, PowerShell, or Bash scripting experience.
• Experience working with the ELK stack.
• Experience administering the system functions including security policies and account management of Microsoft Windows and Server as well as Linux/Unix-based systems.
• Have experience with VMware or other virtualization software.
• Experience with Azure, AWS, or similar cloud environments
• Have experience working in or directly supporting the DoD or other U.S. government entities
• Incident handling experience

Benefits

As a small business, SciTec, Inc. offers room for growth and a flexible, fast-paced work environment. We work daily to develop one-of-a-kind solutions for challenging national problems. SciTec encourages collaboration across our offices in Boulder, El Segundo, Dayton, Huntsville, Virginia, and our headquarters in Princeton, and provides access to opportunities across the corporate spectrum. Initiative is expected and encouraged, all employees have the opportunity and flexibility to broaden their technical horizons, and our daily work makes an impact on the world around us. SciTec offers a highly competitive salary and benefits package, including a variety of benefits including health insurance, parental leave, vision, life, and disability insurance, 401(k)plan with employer contribution, holidays and paid time off plans (including vacation and sick time), an annual profit-sharing plan, and an annual performance bonus plan. The salary range for this position is $87,000 to $120,000; however, SciTec considers several factors when extending an offer of employment, including but not limited to, the role and associated responsibilities, a candidate’s work experience, education/training, and key skills. This is not a guarantee of compensation. SciTec is committed to hiring and retaining a diverse workforce and is proud to be an Equal Opportunity/Affirmative Action employer.