Information Systems Security Officer

Your Impact: Jacobs is interviewing Information Systems Security Officer (ISSO) candidates with an active TS/SCI clearance to support our classified IC and DoD information systems.

The position is based in Severn, MD and may require periodic travel between our satellite offices in the DMV area. As a Jacobs ISSO, you will be responsible for the Authorization and Assessment (A&A) and security compliance for a portfolio of classified information systems/networks spanning various stages of the Risk Management Framework (RMF). This position requires a great degree of individual responsibility, and you must be able to accomplish your duties with minimal supervision. This position will provide opportunities to grow within the role and cross-train with your ISSO teammates.

It will expose you to a variety of different government customers and it will expand your technical skillset. If you are up for a challenge, come join our team! Responsibilities: · Managing system security authorizations and submitting packages in NISP Enterprise Mission Assurance Support Service (eMASS), Xacta 360, and/or ServiceNow CAM/GRC. · Creating, maintaining, and executing the continuous monitoring plan (CMP). · Ensuring systems are operated, maintained, and decommissioned in accordance with the system security plan (SSP) and ATO letter. · Monitoring anti-malware software for signs of compromise. · Updating and remediating system POA&M liens that identify weaknesses or administrative deficiencies. · Ensuring audit logs are collected and analyzed weekly in accordance with the system security plan (SSP). · Developing, updating, and submitting the Security Authorization Package to the Information System Security Professional (ISSP) / Security Control Assessor (SCA). · Completing the security controls implementation and self-test plans. · Running periodic vulnerability and compliance scans using Tenable Nessus and/or DISA SCAP Compliance Checker (SCC). · Performing a Security Impact Analysis (SIA) prior to making system changes in accordance with the configuration management plan. · Enforcing U.S.

Government approved procedures for sanitization/release of classified system components and media. · Responding to and reporting all security-related incidents to the appropriate Jacobs and customer stakeholders. · Ensuring user account briefings are completed prior to adding/modifying system accounts. · Coordinating with the Facility Security Officer (FSO) and the Insider Threat Program Senior Official (ITPSO) to ensure insider threat awareness is addressed within the system security programs. · Ensuring user activity monitoring (UAM) data is analyzed, stored and protected in accordance with the ITPSO policies and procedures. · Serving as a voting member of the Configuration Control Board (CCB). · Formally notifying the Information System Owner (ISO) and Authorizing Official (AO) of any changes to a system that could affect authorization. · Overseeing the removable/portable media control program and labeling of classified IT equipment. · Coordinating circuit requests/installations/upgrades and assisting FSO with completion of the Fixed Facility Checklist for Jacobs SCIFs. · Ensuring all privileged/general users receive the necessary security training and briefings before they are granted system access. #DVS #DIVERGENT #DIVERGENTSOLUTIONS Here's What You'll Need: · U.S. Citizenship and an active TS/SCI clearance with polygraph. · 2 years of direct ISSO/ISSM work experience in the field of system security authorization under the RMF. · DoD Approved 8570 Baseline Certification: Minimum IAT Level II / IAM Level I certification is required (e.g.

CompTIA Security CE). Higher-level certifications such as CASP CE or CISSP (or Associate) will also be accepted. · Experience working with eMASS, ServiceNow CAM/GRC, and Xacta 360 IA Managers. · Practical knowledge of the security authorization processes and procedures as defined by the RMF in NIST SP 800-37, NIST SP 800-53, and the DCSA Assessment and Authorization Process Manual (DAAPM). · Familiarity with contents of ICD 503, NIST SP 800-137, NIST SP 800-88, CNSSI 1253, and 32 CFR Part 117 (NISPOM Rule). · Demonstrable experience with DISA STIGs/SRGs, SCAP Compliance Checker (SCC), and DOD/DISA STIG Viewer. · Experience creating new authorization packages for classified contractor information systems/networks. · Must complete all mandatory DCSA/CDSE training courses within 6 months of appointment. · Knowledge of commercial security products, hardware/software security implementation, secure communication protocols, and encryption techniques/tools. · Familiarity with security incident management and experience in responding to security incidents, data spills, etc. · Experience creating and presenting documentation and reports. Preferred: · Demonstrable experience using DoD ACAS (Tenable Nessus) and Splunk. · DoD 8570 IASAE Level I/II/III and/or IAM Level II/III certifications. · Technical systems/network administration experience. · Hands-on technical knowledge of Windows, Linux, Cisco, and Palo Alto operating systems. · Experience using Security Information Management System software to track information system equipment and user training.