The security of our nation and preservation of our nation's interest are critical to the safety and prosperity of the United States. The Microsoft Corporation is proud to have the opportunity to serve as a trusted company of high-risk systems and is seeking a qualified candidate to join our National Security organization as an Information Systems Security Officer (ISSO) in Elkridge, Maryland.
Implementing Government Cyber Security policy & providing guidance (i.e. NIST, NISPOM, DAAPM, etc.). Partner with facility FSO/CSSO to establish goals, gather performance metrics, document and streamline relevant processes and execute strategies that enable business. Engage with engineers and program managers to perform assessments of systems and networks within an environment, and identify deviations from DoD/DISA-defined acceptable configurations or local policy. Ensure Information System (IS) assessments are achieved through passive evaluations such as compliance audits and active evaluations. The ISSO will also be accountable to co-lead efforts to establish strict program control processes to ensure mitigation of risks.
If you have experience implementing NIST RMF requirements for National Security Systems, this is an exciting opportunity and you are encouraged to apply today.
Security Clearance Requirements:
The successful candidate must be a US citizen and have an active US Government Security Clearance based on a Tier 5 investigation, formerly Single Scope Background Investigation (SSBI) and pass a polygraph. Candidate must be able to travel to customer sites as required. The selected candidate must be able to start within 30 days of offer acceptance.
Active TS/SCI Security Clearance with Polygraph (most recent Tier 5 investigation within the last 4 years)
5 years of relevant experience, or 2 years of experience with applicable bachelor's degree.
At least one year of direct experience with an intelligence community or signals intelligence activity.
The successful candidate will possess excellent communication and presentation skills and be able to interface effectively with employees and customers of all levels.
Ability to travel to customer locations upon request.
Bachelor's degree in Computer Science, Information Systems, Data Science, Engineering
Current IAM DoD Level 1 Security certification (CAP, GSLC, or Security+ CE)
2 years of information assurance experience, including evaluating, testing, certifying and accrediting of classified and sensitive but unclassified information systems as well as Commercial Off The Shelf (COTS) and Government Off The Shelf (GOTS) products.
2 years of network/system administration.
Experience with analysis and evaluation of both hardware and software in support of Intelligence Community (IC), Department of Defense, and other Federal Government Agencies.
Experience assessing and auditing network penetration testing, antivirus planning assistance, risk analysis and incident response.
Experience applying security risk assessment methodology to system development, including threat model development, vulnerability assessments, and resultant security risk analysis.
Experience or knowledge of construction for a secure area, ICD 705
Experience managing COMSEC, keying devices, lifecycle planning.
CISSP or PMP certification.
If hired for this position, the team you would be joining is part of our Cloud organization and/or works with government contracts and as such has a unique background check requirement, detailed below. Please note you will be provided with steps for completing the check if you accept a role on the team.
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Citizenship Verification: This position requires verification of US Citizenship to meet federal government security requirements.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Program control processes or content for assessment artifacts in scope will include:
Continuous Monitoring in accordance with the RMF
Process and maintain system security plans (SSP)
Maintain knowledge in system controls for system accreditations
Manage secure areas
Understand engineering requirements to apply controls in compliance with the NIST Risk Management Framework (RMF).
Coordination with engineering leadership to enable delivery of Microsoft products & services and provide effective incident response.
Continuous Monitoring, test development and validation testing to enable communication to DoD and IC customers.
Development of audit trail artifacts / Information System (IS) self-assessment checklists.
Execution of investigations to meet Federal requirements.
Develop, create, implement, and support physical and operations security (OpSec) policies, plans, processes and training material that position the FSO and offices to operate in a manner that is compliant with relevant U.S. Government (and/or other unique environment) security standards and requirements for the physical design, construction, and operation of highly confidential and regulated projects.
Document and improve processes around confidentiality, security, and compliance to ensure the work that is being done is conducted per Government standards.
Monitor and audit field sites and supplier processes and methods to assess the state and health of physical and program security.
Receive notifications of incidents and events, assess, and drive root cause analysis (RCA) and remediation plans appropriately.
Collaborate across internal groups, external suppliers, and customers.
Provide subject matter expertise on topics such as: confidentiality, citizenship requirements, security clearances, and information sharing and operations security protocols to internal teams unfamiliar with Federal security requirements.
Maintain confidentiality, information and material handling, and privacy without exception.
Represent Microsoft in engagements with external entities and the U.S. Government.