Mid Level Information Systems Security Officer

Type: Full Time

Location: National Maritime Intelligence Center, Washington, DC

Overtime Exempt: Yes

Reports To: ARMADA HQ

Security Clearance Required: Active Top Secret

***********************CONTINGENT UPON AWARD*******************************

Duties & Responsibilities:

• The Mid Level Information Systems Security Officer (ISSO) shall coordinate and support the security components of the NAVINTEL ICD 503 Risk Management Framework (RMF) Implementation Policies/Directives and Dept. of Navy (DON) Cyber Security Policies/Directives.
• The ISSO shall perform automated security scans, using automated tools such as Assured Compliance Assessment Solution (ACAS), Center for Internet Security (CIS) Benchmark, and Security Content Automation Protocol (SCAP), and Retina. Analyze scan results, and document findings for products as required to successfully complete Collateral and SCI-level security certification testing and evaluation (ST&E) as appropriate for the The ISSO shall scan results and findings and document according to NAVINTEL IA and ICD 503 RMF processes.
• Shall perform ISSO responsibilities per SECNAV M-5239.2, which includes the primary point of contact for matters on cyber security relating to assigned systems, reviewing audit trail logs and scans, and ensuring systems are maintained per security policies and procedures, and maintaining compliance and reporting weekly findings to Vulnerability Remediation Asset Management (VRAM).
• The ISSO shall conduct research and testing to ensure existing and evolving products/services meet current Office of the Director of National Intelligence (ODNI), DIA, DoD, DoN, DISA, NGA and local authority's security requirements as appropriate.
• The ISSO shall document results of security requirements analysis, evaluations, alternatives analysis, risk assessments, and other security-related activities performed in support of project tasks and as tasked for approved project requirements. Documentation could be classified once populated with data. Once IP Addresses, System CONOPS (Concept of Operations), System Functions, Systems Missions, and System Architectures are combined in the security documents, the documentation can become classified up to the TS/SCI classification level.
• The ISSO shall document and execute a plan for each system to achieve authorization to renew such authorization. Collaborate with information system owners and the engineering team to produce the body of evidence necessary to move through each step of the RMF process, successfully satisfy an independent control assessment and obtain Authorization to Operate (ATO).
• The ISSO shall prepare Security documentation in support of project tasks and as tasked for approved project requirements, which support successful completion of Collateral and/or SCI-level security testing and evaluation (ST&E) appropriate for the product.
• The ISSO shall coordinate activities with NIA and DISA offices to determine and refine certification testing and documentation requirements that impact products and services, in reference to achieve Certification to Field.
• The ISSO shall manage systems accreditation processes, using eMass for NIPR and SIPR systems, and Xacta for JWICS systems. Following the RMF process, the ISSO will be required to update and maintain system documentation, update controls, track any Plan of Actions and Milestones (POA&M) items, working with Hopper ISC's Configuration Management (CM) group to register software with DADMS, submit boundary control request (BCRs) for Ports, Protocols and Services (PPSM), and ensure DITPR system registration is complete within the deadline. The ISSO shall monitor and report any IA-relevant issues, including vulnerabilities, exploits, policy changes and best practices.
• The ISSO shall monitor all A&A Security activities, in accordance with the ICD 503 (RMF) process. The various security activities include, but are not limited to: Security testing, documentation, and reporting activities.
• Liaison with external organizations necessary to complete product certification tests, site certifications and temporary certifications for testing and exercise.
• Develop and maintain ISC-specific Certification Test Division plans, processes and procedures.
• Establish and update security elements in the master schedule.
• Provide input to project teams during requirements creation, definition, and tracking activities.
• Perform security "pre-look" scans and testing of prospective new products and report findings.
• Keep abreast of DISA system configuration and testing guidelines and update practices and procedures as appropriate to incorporate changes.
• Prepare Security Analysis Memorandums for originating developers if applicable.
• Register, develop, verify, validate, document, and test the required A&A documentation, procedures, and policies required for the information systems produced and deployed within the Government's systems and applications and across NAVINTEL.
• The ISSO shall provide assessment and authorization requirements and documents shall be prepared IAW NAVINTEL ICD 503, DoD, and DISA security requirements as applicable for the system undergoing assessment/certification.
• The ISSO shall prepare technical and miscellaneous reports to document progress and key decisions and provide reports with current status of tasks.
• The ISSO shall coordinate with the Government to define and produce system certification and accreditation documents. The A&A documentation required for accreditation shall be compliant with the requirements stated in the ICD 503 and shall follow the direction and guidance provided in the Designated Accrediting Authority (DAA) or Designated Authorizing Official-approved assessment and authorization process.
• The ISSO shall provide the list of security documents and materials contained in Attachment 1 (Certification and Accreditation Checklist) will also be required. Changes to security authorization and policy may alter these requirements in the future. This list is not intended to identify all possible documentation needed but to provide the current scope. Templates will be provided by the Government after the Information Assurance Registration Brief.
• The ISSO shall coordinate with Hopper ISC Project Managers (when necessary) and Maritime Intelligence Element (MIE) Product Owner during project planning and execution activities. Provide input to project plans and project status in accordance with documented processes. Manage, monitor, and mitigate risks during project execution.
• The ISSO shall ensure scheduled milestones are met, and when they cannot be, immediately inform and work with the Information System Security Manager (ISSM), the Product Owner and the Government to discuss schedule impacts.
• The ISSO shall keep the Product Owner, TPOC and the Government apprised of the status of all technical activities and immediately alert whenever impacts to cost and schedule are anticipated.
• The ISSO shall provide a weekly activity report (WAR) to the Contracting Office Representative (COR), and TPOC via the Government.
• The ISSO shall provide a monthly financial report to the MIE Product Owner and the COR and shall brief a Program Management Report (PMR) of work completed from previous month based cost, schedule and performance.
• The ISSO shall attend project and information assurance policy implementation meetings and briefings, and develop, provide, and deliver technical, operator, and customer training and briefings to all audience levels.
• The ISSO shall keep abreast of DoD, DISA, and DoN system configuration and testing guidelines and update practices and procedures as appropriate in incorporating changes.

Minimum Education/General Experience:

• Bachelor's degree in a technical subject
• Minimum 7 years' experience
• IAM Level II Certification

Disclaimer:

The above information has been designed to indicate the general nature and level of work to be performed. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of the contractor assigned to this position. Applying: If you feel you have the knowledge, skills and abilities for this position visit our careers page at www.armadausa.com.

Special Notes: Relocation is not available for these jobs.

ARMADA provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. ARMADA complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.