Cyber Security Specialist- Information Systems Security Officer (ISSO)

CSA+Capstone is seeking a Cyber Security Specialist to provide our Navy client with Cyber Security information technology and Information System Security support.  As a member of the Naval Education Training Command (NETC)- Cyber Security Team, conduct research, data analysis, onsite Cyber Security (CS)/Information Assurance (IA) support, and provide Risk Management Framework support.

Responsibilities

• Provide on-site CS/IA technical expertise in a broad array of areas, including CS and network security policy, and Risk Management Framework (RMF).
• Conduct risk analyses from vulnerability, compliance scans, or other audit activity.
• Coordinate/lead along with the Government CS lead and the Program of Record (PoR) PM assigned Authority to Operate (ATO) efforts and make recommendations to improve the processes.
• Develop and/or assist in the development of, but not limited to System Security Plans (SP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Risk Assessment Report (RAR), Plan of Action and Milestones (POAM) System Specific Policies and Procedures, Contingency Plan (CP), Disaster Recovery Plan (DRP), Incident Response Plan (IRP), Patch and Vulnerability Management Plan, Test Results, Business Impact Analyses (BIA), and the Security Impact Analyses (SIA).
• Support security testing and analysis of Information Management/Information Technology (IM/IT) capability requests (applications, systems, networking devices) being introduced to the Navy Enterprise.
• Support the performance of security testing and evaluation of applications against applicable security criteria using common tools, including ACAS (Assured Compliance Assessment Solution), SCAP (Security Content Automation Protocol) Compliance Checker, and DISA (Defense Information (STIGs).
• Produce security testing reports, including Security Risk Assessment Reports detailing the findings noted during testing.
• Assist programs with completing security documentation to meet assessment and authorization requirements.
• Support the local ISSM with reviewing and completion of Navy System Access Authorization Requests (SAAR-N)

Qualifications

• High School Diploma or equivalent.
• 6 years of related experience.
• Ability to obtain and maintain an Active U.S. Government Secret Clearance.  Be able to pass a security investigation and meet eligibility requirements for access to classified information.
• Experience executing the NIST Risk Management Framework.
• Supporting the security Assessment and Authorization/ATO process.
• Experience with reviewing, comprehending and documenting findings from ACAS (Assured Compliance Assessment Solution) Reports.
• Experience with SCAP (Security Content Automation Protocol).
• Experience with DoD Architecture Framework (DoDAF) standards and assessments of enterprise information security architecture, processes, procedures, activities, and operations.
• Experience with DoD Port, Protocols, and Services Management (PPSM)
• Experience with performing cyber security risk assessments and identifying, verifying, and consolidating specific vulnerabilities, causes, analysis of alternatives and identification of appropriate corrective actions from each risk assessment conducted.
• Experience with evaluation of Security Technical Implementation Guides (STIGs) to determine applicability to systems and assets.
• Functional expertise with Microsoft Office suite of products, including Word, Excel, PowerPoint, Visio, and Project.
• DoD Secret Clearance

Certifications

• Navy Cyber Security Workforce (CSWF) baseline certification at IAM Level I or a higher level certification is required. Acceptable certifications include Security+ CE, CAP, CND, GSLC, Cloud+, and HCISPP. 
• IA Contractor Training and Certification and Computing Environment (CE) certification may be required at the task order level.

Preferred Qualifications

• BA or BS degree from an accredited institution in related field (e.g., Management Information Systems, Information Technology, Computer Science, Math, Business, Engineering, or Physical Science, etc.)
• Prior experience with DoD Risk Management Framework (RMF).
• Experience with eMASS and/or Vulnerability Remediation Asset Manager (VRAM) would be beneficial.
• IT project management experience supporting Navy or DoD network systems.
• Excellent oral and written communication skills, including drafting, reviewing, and editing technical graphs, briefs, or documents.
• Evidence of being detail oriented with strong critical thinking in areas of IT process analysis / process improvement.
• Possesses Good Team Skills having the ability to coordinate and work well with others.

The likely salary range for this position is $75,000 - $85,000, this is not, however, a guarantee of compensation or salary; rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. 
This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee. Duties, responsibilities and activities may change or new ones may be assigned at any time with or without notice.
Applicants may need to meet eligibility requirements for access to classified information; an active United States Department of Defense security clearance or the ability to obtain one may be required for this role.
As a federal contractor, CSA is subject to any federal vaccine mandates or other customer vaccination requirements. All new hires are required to report their vaccination status. 
WE BELIEVE great companies know who they are and what they stand for. CSA’s common purpose and core values were purposefully developed to create a culture focused on unlocking the full potential of our people—so they are inspired to solve our clients’ toughest challenges. It’s no secret, we owe the past 18 years of our success to our outstanding and ambitious team members. To support our hard working team, we offer an environment focused on learning and growth, an awesome benefits package, and opportunities to build a long and successful career. We are constantly on the hunt for talented, forward-thinking problem solvers with an energetic attitude and a strong work ethic to join our elite team of CSAers.     
Be a part of CSA… do great things!
CSA is a Federal Contractor and an Equal Opportunity/Affirmative Action Employer.
If you are an individual with a disability and would like to request a reasonable workplace accommodation for any part of our employment process, please send an email to hr@csaassociates.com. Please indicate the specifics of the assistance needed. Assistance is reserved for individuals who are requesting a reasonable workplace accommodation. It is not intended for other purposes or inquiries. We’re an equal opportunity employer that empowers our people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status or other protected characteristic.
Federal Equal Opportunity is the LawFederal Employee Rights under FMLAFederal Employee Polygraph Protection ActE-Verify Participation Poster (uscis.gov)If you are a California resident applying for a job, you consent to our California Job Applicant Privacy Notice.
Notification for current or previously cleared professionals:
Official U.S. Government information appearing in the public domain shall not automatically be considered UNCLASSIFIED or approved for public release. CSA recognizes that information contained in resumes of current or previously cleared professionals may be sensitive, contain potentially proprietary and/or protected information. Protected Information is considered classified, in the process of a classification determination, or unclassified, but protected by statute. Therefore, all resumes should be approved for public release by a U.S. Government Official with Original Classification Authority, prior to posting the resume to CSA’s applicant tracking system.By submitting my resume, I understand that I am NOT authorized to upload content with Official U.S. Government information that is considered, sensitive, proprietary, or protected.