Previous Job
Information System Security Officer (ISSO)
Ref No.: 17-14319
Location: Bethesda, Maryland
Location: Information Systems Security Engineer
Duration: Full Time
Location: Bethesda MD

Information Assurance Cyber Security Specialist
Clearance: Active Top Secret
ISSE ( IA person with relevant knowledge and experience in RMF, ICD-503, NIST SP800-53, and System Security Plans (SSPs)
Key Role:
The candidate must be familiar with network vulnerability scanners (e.g. Retina, ACAS, Nessus). The candidate must be familiar with patch management software (e.g. WSUS, SCCM, SMS, Hercules, etc.). Event Logging and analysis for a Defensive Cyber Infrastructure, Accreditation Cyber Forensic analytics capabilities.

Provide subject matter expertise in the provision of information assurance (IA) support for certification and accreditation (C&A), DIACAP or RMF accreditation package and artifact generation, requirements analysis, security test and evaluation (ST&E) plans and execution, risk assessments, systems analysis and hardening, incident response and policy analysis, trusted product evaluations, IA program assessments, and security posture presentations. Provide analytical support for the development and submission of C&A documentation in compliance with the DIACAP or RMF requirements. Apply knowledge of technology, analyze the security implications of systems and applications security, and provide recommendations to decision-makers and engineers. Provide experience-based advice and assistance to facilitate C&A efforts.

Design, develop, and recommend integrated security system solutions that will ensure proprietary and confidential data and systems are protected. Provide technical engineering services for the support of integrated security systems and solutions. Interface with the client in the strategic design process to translate security and business requirements into technical designs. Configure and validate secure complex systems and test security products and systems to detect security weakness.

Basic Qualifications:
-3+ years of experience with providing information assurance support, documenting compliance, or evaluating IA security posture in a DoD environment
-Experience with cyber remediation of network systems, to include user equipment (laptops, desktops, and tablets) and network devices (Servers)
-Analyze and/or administer security controls for information systems in lab and field environments
-Ensure designs meet applicable security technical implementation guides (STIGs)
-Conduct engineering vulnerability assessment of systems utilizing DoD approved IA tools (ACAS) and DISA STIGs
-Identify technical applicability, remediate, support mitigation of IAVA notices and support metric reporting
-Research, interpret, and provide technical policy guidance pertinent to information and system security
-Exercise creative thinking and ideation to advance our business performance
-Deliver innovative, flexible, integrated solutions to meet customers changing business needs
-Support and engage in programs, projects and practices and strategy, and comply with all policies and procedures
-Follow industry and department trends and developments to ensure services are consistent with, and/or superior to, industry best practices
-Experience with reviewing government guidance, including task orders, directives, STIGS, or IAVAs for applicability and implementation
- Top Secret clearance required
-AA or BS degree (Experience can be substituted for educational requirements.)
-Operating System Certification (Windows10, Server 2012 or Linux)

Preferred Qualifications:
-BA or BS degree in a technical area (Computer Science, Information Assurance, Cyber Security...)
- Certified Information Systems Security Professional (CISSP) certification preferred
-Experience with developing and maintaining DoD Information Assurance Certification and Accreditation Process (DIACAP) or Risk Management Framework (RMF) packages
-Experience with vulnerability assessments using various scanning tools
-Experience with performing, interpreting, and reporting vulnerability assessments
-Experience in working with Enterprise Mission Assurance Support Service (eMASS)
-Experience with developing and presenting, orally and in writing, technical information to non-technical audiences and clients
-Knowledge of computer networking and network-based information assurance devices