Information System Security Officer

Overview Tecolote Research, Inc. has an immediate opportunity for a talented Information Systems Security Officer (ISSO) to support our El Segundo office (Annex). The ISSO will assist in developing Risk Management Framework (RMF) accreditation packages and assist in maintaining Authorization to Operate (ATO) certifications for networked systems and applications used by the organization. The ISSO will assist in developing information system documentation and providing a designated set of standard controls for the authorization package, including the executive summary, system security plan, privacy plan, security control assessment, privacy control assessment, and any relevant plans of action and milestones. Responsibilities .cs74E734F3{text-align:justify;text-indent:0pt;margin:0pt 0pt 0pt 0pt;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background-color:#FFFFFF} .csB9BF9B06{color:#2D2D2D;background-color:transparent;font-family:'Times New Roman';font-size:12pt;font-weight:normal;font-style:normal;} .csE7A05076{color:#000000;background-color:#FFFFFF;font-family:Tahoma;font-size:8.5pt;font-weight:normal;font-style:normal;} .cs8BAD039A{text-align:left;text-indent:0pt;margin:0pt 0pt 0pt 0pt;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background-color:#FFFFFF} .cs93D63586{color:#2D2D2D;background-color:transparent;font-family:'Times New Roman';font-size:12pt;font-weight:bold;font-style:normal;} .cs16C55505{text-align:left;margin:0pt 0pt 0pt 0pt;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background-color:#FFFFFF;list-style-type:disc;color:#2D2D2D;font-family:Arial;font-size:10pt;font-weight:normal;font-style:normal} .cs2654AE3A{text-align:left;text-indent:0pt;margin:0pt 0pt 0pt 0pt} .cs2BCB78B7{color:#000000;background-color:transparent;font-family:Tahoma;font-size:8.5pt;font-weight:normal;font-style:normal;} This system certification documentation must comply with DoD and Civilian Agency policy focused on NIST 800-171, NIST 800-53 Security and Privacy Controls, and Cybersecurity Maturity Model Certification (CMMC). The position may include CMMC application and accreditation duties, developing and implementing continuous monitoring strategies, and enhancing company best practices related to the IT Security posture. Responsibilities * Lead the development, maintenance, and evaluation Information System (IS) security documentation, including System Security Plans (SSPs), Continuity of Operations Plans (COOPs), and Standard Operating Procedures (SOPs).
* Maintain system certification packages in a centralized repository, supporting primarily NIST 800-171, NIST 800-53, both DIACAP 8500.2 and Risk Management Framework (RMF), Continuous Monitoring and Risk Scoring (CMRS), and DoD Information Technology (IT) Portfolio Repository (DITPR).
* Conduct cybersecurity controls assessments in accordance with applicable regulatory guidance, including NIST 800-53, NIST 800-37, NIST 800-60, and DoD 8500.01. Managing Plans of Actions and Milestones (POA&M) originating from these assessments.
* Monitor, analyze, and respond to network security events. * Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application (eMASS, and or other GRC application) to support security control implementation during the monitoring phase.
* Ensure that selected security controls are implemented and operating as intended during all phases of the Information System (IS) lifecycle and RMF process.
* Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis.
* Conduct required IS vulnerability scans according to risk assessment parameters (Continuous Monitoring (ConMon).
* Continuously evaluate system security posture, identifying opportunities for improvement, and supporting the implementation of these improvements.
* Support the local Tecolote Research, Inc. Contractor Program Security Officer (CPSO) and Tecolote Research, Inc. Director of IT Architecture in ensuring the physical protection of information technology systems, including supporting the deployment of physical security measures such as intrusion detection systems.
* Provide local on-site and corporate Information Technology support.
* Conduct investigations of computer security violations and incidents. Skills Required .cs16C55505{text-align:left;margin:0pt 0pt 0pt 0pt;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background-color:#FFFFFF;list-style-type:disc;color:#2D2D2D;font-family:Arial;font-size:10pt;font-weight:normal;font-style:normal} .csB9BF9B06{color:#2D2D2D;background-color:transparent;font-family:'Times New Roman';font-size:12pt;font-weight:normal;font-style:normal;} .cs8BAD039A{text-align:left;text-indent:0pt;margin:0pt 0pt 0pt 0pt;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background-color:#FFFFFF} .cs93D63586{color:#2D2D2D;background-color:transparent;font-family:'Times New Roman';font-size:12pt;font-weight:bold;font-style:normal;} .cs2654AE3A{text-align:left;text-indent:0pt;margin:0pt 0pt 0pt 0pt} .cs2BCB78B7{color:#000000;background-color:transparent;font-family:Tahoma;font-size:8.5pt;font-weight:normal;font-style:normal;} * Candidates must have an active SECRET government security clearance with Sensitive Compartmented Information (SCI) eligibility and ability to meet special access program eligibility requirements per DODM 52505.7 vol 2.
* 8+ years of total experience in Aerospace, DoD, or related industries.
* 2+ years of experience specifically supporting the compliance of government or contractor information technology systems under the oversight of the DoD or the Intelligence Community.
* CompTIA Security+ Certification and or Certified Information System Security Professional (CISSP) Certification.
* Ability to evaluate effectiveness, suitability, survivability, and interoperability of systems, relating to cybersecurity and provide key feedback to improve the overall cybersecurity posture.
* Experience administering the system functions including security policies and account management for both Microsoft Windows and Linux/Unix-based systems.
* Have familiarity with the use and operation of DISA SCAP and STIG Viewer tools.
* Self-starter with ability to work independently and with a team distributed across multiple time zones.
* Ability to understand, explain, interpret, and apply rules, regulations, directives, and procedures.
* Detail-oriented.
* Excellent verbal and written communication skills. Candidates who have one or more of the following skills will be preferred: * An active TS/SCI or TS/SCI eligibility clearance.
* A CISSP (or CISSP Associate) certification, or an alternate qualifying certification satisfying DoD 8570.01M requirements for an Information Assurance Technician Level III or an Information Assurance Manager Level II.
* Prior successful experience as an ISSO.
* Experience with maintenance of DevSecOps environments, including Continuous Integration / Continuous Deployment (CI/CD) and package artifact management using a repository management application.
* Have experience with VMware or other virtualization software.
* Incident response and reporting experience.
* Salary range: $100,000 - $120,000/Year, DOE Education Bachelor's degree required, preferably in math, engineering, business, or the sciences.

---