Information System Security Officer

The Security Services Department Information Security Group provides cyber security and risk assessment services to the Laboratory. This position supports the Integrated Missile Defense Technology Group (Group 36). The Group supports Department of Defense (DoD) to develop resilient, integrated missile defense through threat characterization, advanced technology development, prototyping, and testing. Position Scope/Job Functions/Core Responsibilities:

• Work with the ISSM on compliance activities including RMF Authorization of complex information systems

• Assist in the security configuration and management of collateral classified systems and networks in a variety of traditional and virtual environments including Linux, Unix, Sun, Mac, and Windows

• Assist the ISSM in the development and maintenance of System Security Plans (SSP) and associated artifacts such as the Plan of Action & Milestones (POA&M), Risk Assessment Report, and Continuous Monitoring Strategy

• Confirm plans of actions and milestones (POA&M) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

• Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals

• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken

• Utilizing previous RMF experience, recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements

• Ensure systems are operated, maintained, and disposed of in accordance with organization security policies and procedures

• Collect, analyze, and store system audit records

• Conduct network, system, and application vulnerability scanning, configuration assessment, and remediation

• Prepare for and participate in periodic organization compliance assessments

• Ensure account management documentation is complete and updated

• Maintain configuration management documentation (change tracking, maintenance logs, etc.)

• Serve as a member of the Configuration Control Board (CCB) as needed Required:
Demonstrated understanding of the following security frameworks is required:
- NIST 800-53 / Risk Management Framework (RMF)
- National Industrial Security Program Operating Manual (NISPOM) 32 CFR Part 117
- DCSA Assessment and Authorization Process Manual (DAAPM)
- AS degree in Information Security, Computer Science, Cybersecurity, Information Technology, Computer Information Systems, or related discipline is required. Technical experience, skills, and course work completed towards an Undergraduate Degree, or industry IT certifications may be considered in lieu of education or DoD security experience requirements
- Possess a DoD 8570.01-M IAM I baseline certification (e.g. CompTIA Security+). The group will consider someone w/out this certification IF they are willing to obtain in first 6 months at supplier or candidate's expense
- Demonstrated experience with vulnerability scanning and auditing tools and processes is required
- Experience and familiarity with multiple operating systems such as Windows Server 2016 and 2019, Windows 10 and 11, Red Hat Enterprise Linux, Mac, etc.
Desired:
- A minimum of 4 years of IT security experience in DoD Information Security is preferred
- Technical experience securing networks and systems utilizing DISA STIGs and/or SRGs is highly desired
- Experience with virtualization technologies, e.g. VMWare ESXi is preferred
- Knowledge and hands-on experience with Microsoft Active Directory to include configuration of domain setting, managing user accounts and permissions, and effectively deploying Group Policy Objects to secure and customize domain environments Travel: Position requires occasional local and overnight travel (to Lexington, MA). Work location: Hybrid - Individual works from home or off-site for a portion of their schedule and within a routinely commutable distance from a Laboratory facility - the expectation is 60% onsite work.