Information Systems Security Officer

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges—and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities, and a culture of innovation that embraces diversity, inclusion, flexibility, collaboration, and career growth. If this sounds like the choice you want to make, then choose MITRE—and make a difference with us.

Department Summary:

The Cybersecurity Risk Management Department (A211) in the Global Security Services Division (A210) is seeking to fill an Information System Security Officer (ISSO) position. The selected candidate for the ISSO role will support multiple sponsors to provide Information Assurance - Cybersecurity Work

Roles and Responsibilities:

The selected candidate will perform tasks such as ensuring cyber security is baked into the design of new/existing operational environments; perform security authorization activities in compliance with Risk Management Framework (RMF) policies and procedures to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM). Assist ISSMs/ISSOs in maintaining operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed. Performs vulnerability/risk assessment analysis to support Assessment & Authorization (A&A). Provides configuration management (CM) expertise for information system security software, hardware, and firmware and coordinates with Systems & Networks engineers, ISSM(s), and other stakeholders to ensure fully developed requests are vetted prior to Change Control Board (CCB) meetings. Mentor and train Jr. ISSOs, consult with other MITRE Departments on cybersecurity concerns.

Responsibilities include:

• Oversee ISSOs supporting various systems with various impact levels while maintaining the CIA.
• Provide IA-cyber solutions in support of government sponsors information systems and data.
• Review security artifacts and determine risk mitigation, perform continuous monitoring activities.
• Improve cybersecurity risk posture of environments applying the RMF and applicable controls.
• Triage vulnerabilities, work with engineers, system admins on mitigation plans
• Review and update policies based on industry standards and best practices.
• Lead the strategy on responding to CCRIs, Assessments, etc., improve risk ratings, and develop strategic plans for overall assessment procedures, policies, etc.
• Partner with System Administrators, Engineer to improve on process, policies protecting assets.
• Develop Jr staff skillset in cybersecurity/IA improving on product delivery, artifacts quality, assessment support and overall risk mitigations.
• Provide subject matter expertise to internal and external partners supporting the security and protection of advanced technologies.
• Maintain operational security posture for an information system or program.
• Apply a full range of Cybersecurity policies, principles, and techniques to maintain security integrity of information systems processing classified information.
• Utilized Security Tools to enhance protection of information systems and data.
• Perform Gap Analysis and improve on document maintenance, storage, and modifications.

Basic Qualifications:

• Possess and maintain an active Top Secret level security clearance.
• B.S. in Computer Science or equivalent field of study and 8+ years related experience.
• Development of security artifacts utilizing all steps in the RMF.
• Experience using XACTA, E-Mass, other repositories.
• Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• Develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
• Ability to exercise judgment when policies are not well-defined.
• Knowledge of new and emerging IT and cybersecurity technologies.
• Effective communication skills (verbal and written) ensuring clear and effective communication with senior government leaders and technical peers.
• 8+ years experience implementing the Risk Management Framework (RMF), NIST SP 800-53, Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker.
• Full understanding of Classified Infrastructure and how to apply the Assessment & Authorization (A&A) process.
• Knowledge of technical solutions related to the A&A process.
• In accordance with DoD 8570.01M, the selected candidate must meet and maintain the requirements of an IAM or IAT Level III as a condition of employment.

Preferred Qualifications:

• M.S. in Computer Science or equivalent field of study and 10+ years related experience.
• Ability to contribute to a dynamic high tempo operational environment.
• Ability to correlate operational concepts and apply appropriate security measures to mitigate threats or vulnerabilities.
• Knowledge of core and non-core cybersecurity frameworks, toolsets, and capabilities.
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of authentication, authorization, and access control methods.
• Knowledge of incident response and handling methodologies.
• Knowledge of key concepts in security management (e.g., Release Management, Patch Management).
• Knowledge of cyber defense and information security policies, procedures, and regulations (e.g., RMF).

This requisition requires the candidate to have a minimum of the following clearance(s):

This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):

Work Location Type:

MITRE is proud to be an equal opportunity employer. MITRE recruits, employs, trains, compensates, and promotes regardless of age; ancestry; color; family medical or genetic information; gender identity and expression; marital, military, or veteran status; national and ethnic origin; physical or mental disability; political affiliation; pregnancy; race; religion; sex; sexual orientation; and any other protected characteristics. For further information please visit the Equal Employment Opportunity Commission website EEO is the Law Poster and Pay Transparency.

MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE’s employment process, please email recruitinghelp@mitre.org.

Copyright © 1997-2023, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.