SENIOR INFORMATION SYSTEMS SECURITY OFFICER
3RC is seeking candidates with 12+ years of cybersecurity experience to join our team as a Senior Information Systems Security Officer.
The selected candidate will perform security scans to identify vulnerabilities and risks, and work with the Engineering team to mitigate the risks.
The candidate is required to have experience ensuring systems successfully complete the Assessment & Authorization (A&A) process.
They will work with other security and IT professionals in developing and implementing strategies to detect and mitigate threats to information systems, protect critical data sets, and provide assessments of system and network vulnerabilities.
They will analyze threats and develop and implement best-practice methodologies for incident detection, reporting, and vulnerability remediation.
Primary Responsibilities:
- Plan and recommend modifications or adjustments based on exercise results or system environment.
- Properly document all systems security implementation, operations, and maintenance activities and update as necessary.
- Verify and update security documentation reflecting the application / system security design features.
- Assess the effectiveness of security controls.
- Assess all the configuration management (change configuration / release management) processes.
- Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements.
- Analyze and report organizational security posture trends.
- Analyze and report system security posture trends.
- Assess adequate access controls based on principles of least privilege and need-to-know.
- Implement security measures to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed.
- Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
- Mitigate / correct security deficiencies identified during security / certification testing and / or recommend risk acceptance for the appropriate senior leader or authorized representative.
- Verify minimum security requirements are in place for all applications.
- Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
Required Qualifications:
- DoD 8570 certification (IAT or IAM Level 2)
- Demonstrated experience with Risk Management Framework (experience under DHA a plus)
- Demonstrated efficiency and experience in RMF package development, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, hardware / software inventories, and system / site policies, procedures, and processes
- Hands-on experience with the DoD tool eMASS
- Familiarity with NIST publications
- Experience in assessing systems using NIST 800-53 and / or DISA STIGs and SRGs
- Excellent customer service and organization skills
- Excellent oral and written communication skills
Desired Qualifications:
- Experience with ACAS and HBSS
- Experience in RMF policy development, process improvement, and strategy implementation
- Knowledge in Continuous Monitoring and Risk Scoring (CMRS)
- Knowledge of cloud capabilities and secure cloud architecture
- Knowledge in one or more of the following technologies:
  - Medical devices
  - Windows
  - Linux / Unix
  - Network devices
  - Databases (MS SQL, Oracle)
  - VMware virtualization
Clearance Required:
Active Secret security clearance
Company Paid Standard Benefits:
- Short / Long Term Disability
- Basic Life Insurance
- Direct Payroll Deposit
- Leave Accrual
- Holidays
- 401(k) Match
Employee / Company Shared Benefits:
- Additional (Voluntary) Life Insurance
- 401(k)
- Medical Coverage
- Dental Coverage
- Vision Care Plan
- Flexible Spending Account Plan