Official UC blog

Information Systems Security Officer ISSO for SciTec in CA- El Segundo (see listing for salary info) STIG

Written by Jody M. | Dec 13, 2024 9:08:41 PM

SciTec has an immediate opportunity for a talented Information Systems Security Officer (ISSO) to support our El Segundo satellite office. The ISSO will assist in developing RMF accreditation packages and assist in maintaining Authorization To Operate (ATO) certifications for networked systems and applications used by the organization. The ISSO will assist in developing information system documentation and providing a designated set of standard controls for the authorization package, including the executive summary, system security plan, privacy plan, security control assessment, privacy control assessment, and any relevant plans of action and milestones. This system certification documentation must comply with DoD and Civilian Agency policy focused on NIST 800-171, NIST 800-53 Security and Privacy Controls, and CMMC. The position may include CMMC application and accreditation duties, developing and implementing continuous monitoring strategies, and enhancing company best practices related to the IT Security posture.

Responsibilities

  • Lead the development, maintenance, and evaluation Information System (IS) security documentation, including System Security Plans (SSPs), Continuity of Operations Plans (COOPs), and Standard Operating Procedures (SOPs).
  • Maintain system certification packages in a centralized repository, supporting primarily NIST 800-171, NIST 800-53, both DIACAP 8500.2 and Risk Management Framework, Continuous Monitoring and Risk Scoring (CMRS), and DoD Information Technology (IT) Portfolio Repository (DITPR).
  • Conduct cybersecurity controls assessments in accordance with applicable regulatory guidance, including NIST 800-53, NIST 800-37, NIST 800-60, and DoD 8500.01. Managing Plans of Actions and Milestones (POA&M) originating from these assessments.
  • Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application (eMASS) to support security control implementation during the monitoring phase.
  • Ensure that selected security controls are implemented and operating as intended during all phases of the Information System (IS) lifecycle and RMF process
  • Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis.
  • Conduct required IS vulnerability scans according to risk assessment parameters.
  • Continuously evaluate system security posture, identifying opportunities for improvement, and supporting the implementation of these improvements.
  • Support the local SciTec Facility Security Officer (FSO) in ensuring the physical protection of information technology systems, including supporting the deployment of physical security measures such as intrusion detection systems.
  • Contribute to other corporate security and information assurance activities throughout the company with System Administrators, Security, and other stakeholders.
  • Provide local on-site and corporate Information Technology support.
  • Other duties as assigned

Requirements

  • Candidates must have an active SECRET government security clearance.
  • 2+ years of experience specifically supporting the compliance of government or contractor information technology systems under the oversight of the DoD or the Intelligence Community.
  • CompTIA Security+ Certification
  • Ability to evaluate effectiveness, suitability, survivability, and interoperability of systems, relating to cybersecurity and provide key feedback to improve the overall cybersecurity posture.
  • Experience administering the system functions including security policies and account management for both Microsoft Windows and Linux/Unix-based systems.
  • Have familiarity with the use and operation of DISA SCAP and STIGViewer tools.
  • Self-starter with ability to work independently and with a team distributed across multiple time zones.
  • Ability to understand, explain, interpret, and apply rules, regulations, directives, and procedures.
  • Detail oriented
  • Good verbal and written communication skills

Candidates who have one or more of the following skills will be preferred:

  • An active TOP SECRET clearance.
  • A CISSP (or CISSP Associate) certification, or an alternate qualifying certification satisfying DoD 8570.01M requirements for an Information Assurance Technician Level III or an Information Assurance Manager Level II.
  • Prior successful experience as an ISSO.
  • Experience with maintenance of DevSecOps environments, including GitLab Continuous Integration / Continuous Deployment (CI/CD) and package artifact management using JFrog Artifactory.
  • Have experience with VMware or other virtualization software.
  • Incident response and reporting experience.

For more info.: https://hubs.la/Q02_FTb20