Information Systems Security Officer

United States-Maryland-Fort Meade-20362-FME2

Amentum

Explore Amentum's commitment to global government and private-sector solutions. Learn about our global mission to drive mission success.


Information Systems Security Officer - (CIS0002UG) 

Your Impact:

 

The Intel and Cyber Division is assembling a team of network engineers, systems engineers, Unified Communications Engineers, Integration Engineers, change management specialists, information assurance professionals, and procurement personnel knowledgeable in SCRM processes to support a program that provides critical network capabilities. We are committed to recruiting and retaining this team for prototype development, test, and demonstration, as well as making this team available longer term for integration, deployment and sustainment as needed.

Candidates interested in joining the team must be critical thinkers, have a strong work ethic, and be able to work independently or as a member of a team in a dynamic environment that supports a critical and rewarding mission. We value candidates who are detail-oriented while also being able to think and react quickly to emerging and unique problem sets. To be successful, you must be able to rapidly adapt and learn how to operate the front and back end of new products and processes. 

Responsibilities: 
The duties and responsibilities of the Information Systems Security Officer include, but are not limited to, the following: 

  • Generate and maintain the complete security Body of Evidence (BoE) while leading the A&A activities according to the Risk Management Framework (RMF) processes (ICD 503, CNSSI-1253, NIST 800-37, NIST 800-53, etc.) for multiple information systems.
  • Lead the development and maintenance of information security policies, standards, and control procedures to enable compliance with RMF.
  • Complete Security Authorization packages, to include System Security Plans, Security Assessment Reports, POA&M summaries and a Continuous Monitoring Plan/assessment schedule, and present executive briefings to senior management.
  • Ensure security risk assessments are conducted as appropriate on any system upgrades, software/hardware changes, etc.
  • Ensure security authorization boundaries are properly defined and captured in the system security plans, and that all interconnection agreements are in place and current.
  • Ensure system security controls contain accurate implementation statements and assessment results, and that appropriate artifacts are completed to support findings; provide hands-on assistance as appropriate.
  • Ensure POA&Ms have appropriate milestones, accurate descriptions of the weaknesses and remediation, estimated cost to completion and realistic due dates, providing hands-on assistance to components as necessary.
  • Maintain day-to-day security posture and continuous monitoring of all Information Systems.
  • Review system vulnerability scans, verify implementation of DISA STIGs, and ensure other security-relevant information system configuration tasks are completed.
  • Perform test/evaluation of required technical security controls including performing certification tests and periodic inspections of information systems.
  • Develop and conduct test procedures for verification of Assessment and Authorization (A&A) and Risk Management Framework (RMF) safeguards to meet customer requirements based on NIST publications.
  • Assess changes to an IS by performing periodic self-inspections, tests, and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed; ensure corrective actions are taken for identified findings and vulnerabilities.


 

Here's What You'll Need:

 
  • Must meet DoD 8570.01-M IAT-II or IAM-I baseline certification requirements such as Security+ or equivalent.
  • Experience with Microsoft Office applications such as Excel, Word, and Outlook.
  • Experience in development of technical documentation to include artifacts required to support Assessment & Authorization (A&A) under the Risk Management Framework.
  • Experience with security configurations across multiple operating systems in various environments, to include Windows, Linux, UNIX, utilizing Active Directory/Group Policy.
  • In-depth knowledge of Microsoft Windows OS (client and server); familiarity with Red Hat Enterprise Linux (RHEL) desired.
  • Experience with eMASS, XACTA, ACAS/NESSUS, Trellix, and Splunk.
  • Experience with risk managed downloads, IS sanitization and destruction, contaminations, incident response, virus scanning, privileged user access, and hardware/software configuration management.
  • Experience with developing IT policy, guidance, or procedure documentation supporting cybersecurity accreditations.
  • Experience with analyzing, assessing, or implementing NIST SP 800-53 security controls, CCIs, and associated assessment procedures.
  • Experience with developing and presenting complex technical information for technical and non-technical audiences.
  • Expert familiarity with RMF.
  • Experience with Microsoft Office applications such as Excel, Word, Outlook, and SharePoint.
  • Exceptional attention to detail; excellent verbal and written communication skills; strong organizational skills; critical thinking and problem-solving skills. 
  • Ability to work both independently and as part of a team in a dynamic environment. 
  • Ability to travel up to 25%.

Clearance Required:  

  • Must have active Top Secret clearance with SCI or TS with the ability to acquire SCI 

Minimum Education:

  •  High School Diploma

Minimum Years of Experience: 

  • 8+ years of related experience 

Preferred: 

  • Bachelor's degree in cybersecurity or related field
  • Previous supervision and/or participation with cybersecurity Assessment and Authorizations.
  • Ability to provide hands-on cyber security tool assistance as necessary.
  • Familiarity with cybersecurity tool suite: ForeScout, Avanti, and HBSS.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

Primary Location: United States-Maryland-Fort Meade-20362-FME2

Job Posting: Oct 11, 2024, 9:22:37 PM

Job: Information Technology

Organization: CMS

Job Type: Experienced

Job Classification: Fulltime-Regular

Work Locations: 20362-FME2 Customer Site, Fort Meade 20755

Capabilities: Cyber