The Information Systems Security Officer (ISSO) is responsible for conducting Systems Security Engineering activities throughout the acquisition lifecycle ensuring the highest quality of Cybersecurity/Information Assurance (IA) solutions for SNC and supported customers. The ISSO’s primary focus is ensuring the confidentiality, integrity, and availability of systems. The ISSO closely collaborates with the system owners, administrators, engineers, and program managers to ensure cybersecurity controls are effectively implemented throughout the system lifecycle. The ISSO is a vital contributor within SNC’s highly dynamic and fast-paced environment.
PRIMARY RESPONSIBILITIES INCLUDE:
- Support the ISSM and Cybersecurity/IA efforts by establishing or validating the system boundary in describing the IS, its functions, information types, operating environments, and security requirements
- Team with SNC, customer, partner, and Authorization Officials (AO) to prepare systems for Assessment & Authorization (A&A) in accordance with established NISPOM, RMF for DOD IT, ICD 503, JSIG & NIST guidelines
- Create and Maintain RMF A&A artifacts: Security Plan, Plan of Action & Milestones (POA&M), Software/Hardware Inventory, Network diagrams, INFOSEC Policies and Procedures, Risk Assessment Report, Security Assessment Plan and Report; Contingency Plan, Incident Response Plan, and Configuration Management
- Employ best practices when implementing security requirements within systems including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques
- Conduct security control assessments; review the adequacy of the security controls and their ability to protect the system and its information; tailor the security controls to ensure compliance
- Coordinate the system security related activities with ISOs, ISSMs and CCPs
- Represent IA in the configuration management process; provide guidance in any acquisition/development activities that impact system security
- Plan and conduct annual and/or ad hoc vulnerability scanning and security control assessments at customer sites to ensure compliance with Authorizing Official requirements (Continuous monitoring)
- Read, interpret, and implement Cybersecurity/IA regulations and requirements; develop and maintain managerial, operational, and technical Cybersecurity/IA skillset
- Collaborate with security managers (both corporate and local), other SSEs and SSMs to define, improve, implement and maintain information security policies, strategies, and procedures
- Interface with company and customer staff at all levels
- Periodic travel to SNC, customer and partner facilities (CONUS) in support of program
- Punctuality to work each day and prepared to work scheduled work hours or longer as needed
- Other duties as assigned
- Requires a BS in related field. *Relevant work experience as a Network Analyst/Administrator/Engineer, Systems Analyst/Administrator/Engineer, IT Analyst/Administrator, Software Engineer, etc. may substitute for required education.
- DoD 8570/8140 compliant: CAP and/or other equivalent certification (desired). *Required within 6 months of hire. Cisco, Microsoft, Linux, or other technical certifications a plus
- Experience in supporting Information Technology (IT) within a classified environment
- Extensive experience with the following tools: Splunk or ELK, ACAS / Nessus, HBSS, eMASS or Xacta (desired)
- Knowledge of technical standards relating to systems security; experience administering Linux and Windows operating systems; experience with large-scale server systems, thin client architecture, system virtualization and other related peripherals
- Experience with A&A requirements as outlined in the JSIG & NIST RMF
- Complete/thorough understanding of US Government Cybersecurity policies
- Ability to balance cybersecurity requirements with SNC’s mission, goals, and culture
- Strong communication skills, strong critical thinking and problem solving skills; self-motivated with ability to effectively prioritize multiple projects; ability to work with people in a team environment and deal effectively with changing project priorities
- Ability to manage time, make sound decisions, take independent action, analyze problems and provide focused solutions
- High degree of attention to detail
- An active Top Secret with SCI eligibility U.S. Security Clearance required
This position requires an active Top Secret with SCI eligibility U.S. Security Clearance. U.S. Citizenship status is required as this position needs an active U.S. Security Clearance for employment. Non-US citizens may not be eligible to obtain a security clearance. The Department of Defense Consolidated Adjudications Facility (DoD CAF), a federal government agency, handles the adjudicative aspects of the security clearance eligibility process for industry applicants. Adjudicative factors which affect the outcome of the eligibility determination include, but are not limited to, allegiance to the US, foreign influence, foreign preference, criminal conduct, security violations and illegal drug use.
Sierra Nevada Corporation is an Equal Opportunity Employer – Minority / Female / Disability / Veteran, or any other protected status pursuant to applicable local, state or federal law, ordinance or regulation.