Apply on Employer Site

Future Technologies Inc. · 1 day ago

Cyber Information Systems Security Officer

Dahlgren, VA

Full-time

Onsite

Senior Level, Lead/Staff

8+ years exp

Future Technologies Inc. is seeking a Cyber Information Systems Security Officer to join their team in Dahlgren, VA. The role involves providing information assurance support, developing cybersecurity guidelines, validating system security requirements, and managing configuration changes to ensure compliance with security standards.

Information TechnologyProfessional ServicesService Industry

No H1B

U.S. Citizen Only

Hiring Manager

Breanne Kretzschmar

Responsibilities

Provide IA support for the development and tactical hardware suites of equipment for H20 programs and products, including laboratory/land-based systems and operational afloat systems. This support includes coordination of system patching, user management, log management, and respective authorization/assess only documentation preparation and review

Assist in the preparation of the authorization documentation for submission to the respective Information Systems Security Manager (ISSM) or other program specific Designated Approving Authority (DAA), utilizing the appropriate DoD Accreditation standards, policies, and directives

Develop IA/cybersecurity guidelines and standard operating procedures (SOPs). Analyze policies, regulations, and system provisions governing standard operating systems. Assists and advise users of policies, regulations, and system provisions for the standard operating systems

Validate and verify system security requirements/controls and coordinate integration of system security capabilities for various environments

Observe, test, and monitor changes in information systems that might affect the security posture. As the ISSO, the candidate shall perform configuration management for information system security software, hardware, and firmware, and manage changes to systems, assessing their security impact. Additionally, notify ISSM on Cybersecurity issues affecting IT systems and software they are assigned to support

Develop, update, and/or review RMF documentation to include the System Security Plan (SSP), Security Control Traceability Matrix (SCTM), Plan of Action and Milestone (POA&M), Risk Assessment Report (RAR), and Security Assessment Plan (SAP)

Qualification

DOD 8140 certificationInformation Assurance experienceRisk Management FrameworkLinuxWindows commandsDISA STIGs knowledgeACAS scans experienceSecurity documentation preparationTechnical security assessmentsMicrosoft Visio experienceScanning containers experienceSoftware Bill of MaterialCommunication skills

Required

DOD 8140 certification at IAT Level II certification (e.g., Security+ CE, CySA+, CCNA Security, GSEC) or attain by allotted time

Minimum of eight (8) years of experience in Information Assurance, Computer Security, or Risk Management Framework for Department of the Navy systems as an ISSO or Information System Security Engineer (ISSE)

Ability to review and update diagrams to accurately reflect system changes

Have knowledge of DoD-approved cybersecurity concepts and tools including DISA STIGs and Assured Compliance Assessment Solution (ACAS) scans in support of system vulnerability management and reporting

Perform and review technical security assessments to identify vulnerabilities and ensure compliance with information assurance (IA) standards and regulations. This includes vulnerability status tracking and reporting in DoD systems

Independently prepare and review security documentation, including System Security Plans (SSPs) and Asses Only/Authorization packages. Independently prepare, review, and update authorization packages

Demonstrated experience with Risk Management Framework and Platform Information Technology (PIT) systems

Strong technical knowledge with 8+ years of Linux and Windows commands and utilities

Excellent written and verbal communication skills along with ability to interface with project lead, software developers, system integrators, and system administrators

Experience with Microsoft Visio or Cameo to update system diagrams and defense-in-depth diagrams

Has knowledge and expertise in DoD-approved cybersecurity concepts and tools including DISA STIGs, Security Content Automation Protocol (SCAP) Compliance Checker, Evaluate-STIG, eMASS, ACAS Scans, and Security Center in support of system vulnerability management and reporting. This includes reviewing IAVMs/IAVAs, tracking vulnerability status and reporting in DoD systems. Additionally, able to register new systems and maintain systems in eMASS

Perform annual security reviews, annual testing of security controls, and annual testing of the contingency plan, in line with FISMA requirements. Familiarity with updating PIA forms annually and eAuthentication every three years, or sooner if needed

Experience with scanning containers (e.g., Podman and Docker) using Anchore Grype

Experience using Anchore Syft to generate a Software Bill of Material (SBOM) from container images and filesystems