Information Systems Security Officer

Overview/ Job Responsibilities

Sev1Tech is looking for an experienced Information Systems Security Officer (ISSO) who can prepare, submit, and monitor accreditation packages through the Risk Management Framework (RMF) process ensuring receipt of Interim Authority to Test (IATT) or Authority to Operation (ATO) in support of the Naval Supply Systems Command (NAVSUP) Ordnance Information System (OIS) program. The ISSO will not only maintain current operating cybersecurity environment (data center) but will also support the program's transition to AWS GovCloud operating environment.

The ISSO will apply their knowledge of Cybersecurity engineering best practices used to secure technical solutions, including applications, systems, architectures, and infrastructures that are operationally viable and efficient on-site in either Mechanicsburg, PA, or Yorktown, VA.

This critical role will also be responsible for:

• Meeting and maintaining CYBER certification and accreditation requirements, including researching, testing and providing technical information for obtaining CYBER accreditation.

• Developing Security Requirements Traceability Matrix (STRM), aligning security requirements with the individual components of a system.

• Performing checks of systems and applications for IA vulnerabilities using approved automated IA tools (ACAS, SCAP-compliant scanners, DISA STIG Viewer, etc.), custom scripts and manual processes (i.e., Security Technical Implementation Guides [STIGS]).

• Monitoring OIS security posture, documenting raw findings in a quick look report, for customer notification. Create and maintain system Plan of Action and Milestones (POA&Ms) of open vulnerabilities and applied mitigations utilizing Department of Defense Enterprise Mission Assurance Support Service (eMASS) tool.

• Supporting the development and documentation of risk assessment results and recommendations using identified threats, applicable vulnerabilities, and likelihood of occurrence within context of risk tolerances

• Monitor all database and application software used in OIS for version change control and nearing/exceeding last date allowed in the Department of Navy Application Database Management System (DADMS).

• Coordinating/interfacing with OIS Technical Team, Defense Information Systems Agency (DISA), IA Staff, and Fleet Cyber Command to document, review, revise, and submit changes related to Ports, Protocols, and Services (PPS), Access Control Lists (ACLs), and Whitelists. This support includes preparing and submitting the registration forms for new requirements.

• Supporting DOD Portfolio Repository-DON (DITPR-DON) to support the annual review.

• Providing recommendations for corrective actions and mitigation strategies.

• Producing security risk assessment briefs and reports for delivery to stakeholders and senior management.

• Support the DevSecOps team in implementing Cyber Security requirements to achieve and maintain IATT and ATO

• Interpret OS, web server, and database scans to facilitate resolving security findings with the DevSecOps team and external teams

• Ensure systems are scanned, patched, and compliant with DoD policy

• Troubleshoot Windows and RHEL security policies

• Support with configurations including CloudWatch logs, registering systems, reporting and manage findings

• Assess systems to determine applicable IA controls based on design, architecture, and data

• Attend risk management and system meetings to provide status updates and take action items

Minimum Qualifications

• Must have DOD Secret level clearance to start

• Certification Requirement: Directive 8570.1/8140 - IAM-1: Security+

• Bachelor's degree with a minimum of 6 years of relevant experience.

• Experience performing risk assessments and audits.

• Experience using DoD approved tools (ACAS, SCAP-compliant scanners, eMASS, etc.).

• Knowledge of the overall Risk Management Framework and NIST compliance as a security professional.

• Experience presenting to clients or management to present technical and non-technical information to allow key personnel to make informed decisions.

• Experience successfully advising stakeholders through the ATO process.

• Familiarity with information security documents, government orders, notices, and guidelines.

• Experience documenting and maintaining systems running in AWS GovCloud (DoD preferred)

• Ability to work independently to create and update Security Plans, Contingency Plans, and other security documents

• Solid understanding in DoD Cyber Security policies and requirements

Desired Qualifications

• Bachelor's degree in Engineering, IT, Computer Science, or related field or equivalent

• 10 years' experience in ISSO capacity

• Experience supporting DoD (Navy preferred) enterprise application transition to the AWS GovCloud (up to IL 6) in a security capacity

• CISSP or equivalent certification

• AWS Certified Security certification

About Sev1Tech LLC

Founded in 2010, Sev1Tech provides IT, engineering, and program management solutions delivery. Sev1Tech focuses on providing program and IT support services to critical missions across Federal and Commercial Clients. Our Mission is to Build better companies. Enable better government. Protect our nation. Build better humans across the country.

Join the Sev1Tech family where you can achieve great accomplishments while fostering a satisfying and rewarding career progression. Please apply directly through the website at: https://careers-sev1tech.icims.com/ #joinSev1tech

For any additional questions or to submit any referrals, please contact: kaleigh.tiano@sev1tech.com

Sev1Tech is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.