York Space Systems
Information Systems Security Officer Senior (ISSO)
York Space Systems, Greenwood Village, Colorado, United States
Position
Information Systems Security Officer Senior (ISSO)
Location:
Greenwood Village, CO
Job Id:
743
# of Openings:
1
Salary:
$120,000-$135,000
York Space Systems was founded to radically improve spacecraft affordability and reliability, transforming and enabling next-generation space mission operations worldwide. York Space Systems is seeking a Senior Information Systems Security Officer (ISSO) to facilitate A&A (Authorization & Assessment) efforts throughout multiple systems’ RMF lifecycle. The selected candidate will lead RMF accreditation efforts, perform tasks including determining DoD requirements, hardware/software configuration management (baseline configuration), risk assessments/vulnerability assessments, testing and documenting security controls, and ensuring overall compliance with DoD Cybersecurity policies. The ideal candidate will have experience as an ISSO or in a security-relevant field, be comfortable operating in a senior role, and mentor junior ISSOs. The selected candidate will be able to speak directly with customers with little to no Information System Security Manager (ISSM) involvement and be the face of security for their selected boundaries. Responsibilities below are inclusive ISSO duties.
RESPONSIBILITIES
Oversee day-to-day operations required to perform RMF
Manage tasks and create deadlines to meet security requirements
Be forward facing for customer interactions which will translate into system requirements
Spearhead building RMF packages within eMASS and perform continuous monitoring for the full duration of the information system lifecycle
Implement the RMF process throughout the entire A&A lifecycle of the system(s) or multiple ATOs across different locations, supporting all efforts pre and post Authority to Operate (ATO) determination
Assist the ISSM in meeting their duties to support A&A activities and coordinate with the system’s Security Controls Assessor (SCA) and Authorizing Official (AO)
Perform and review technical security assessments to identify vulnerabilities and non-compliance, and recommend mitigations
Conduct risk analyses from vulnerability, compliance scans, penetration testing results, and other audit activities
Create and maintain Plan of Action and Milestones (POA&Ms), System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), SOPs, Configuration Management Plans, Contingency Plans and Test Result/Security Impact Analyses
Ensure approved procedures are in place for clearing, sanitizing, and destroying hardware and media
Conduct continuous monitoring (ConMon) activities for applicable authorization boundaries
Apply and maintain up-to-date applications of STIGs to required components
Maintain inventory and asset configuration including change management documentation
Lead System level change requests through formalized Configuration Control Boards (CCB)
Maintain appropriate operational security posture for the information system, collaborating with the information system owner and the ISSM
Notify ISSM of changes that might affect the authorization determination
Advise System Administrators and Network Administrators to remediate system deficiencies
Report security-related concerns and incidents to the ISSM
May handle security concerns in lieu of ISSM advice per system procedures
REQUIRED QUALIFICATIONS
Experience developing and documenting DoD Assessment and Authorization documentation
Knowledge of CNSSI 1253, NIST 800 Series (primarily 800-53, 800-53A, 800-171), RMF
5+ years of IA/Cyber Security experience
Bachelor’s degree or higher in Computer Science or Security
Security+/CISM certification or equivalent
Experience with DCSA tools such as eMASS, STIGs and SCAP
Active Secret clearance or higher
REQUIREMENTS/PREFERRED QUALIFICATIONS
Well versed with RMF package creation and maintenance artifacts to support A&A decisions
Experience using DISA STIGs, Security Requirements Guide (SRG) and SCAP to audit and securely configure devices
Fundamental knowledge of DISA Enterprise Mission Assurance Support Service (eMASS)
Proficient with vulnerability and audit tools (Nessus and Splunk experience preferred)
Experience conducting risk analysis on products and components through CVEs, plugins, CWEs
Experience in software due diligence with COTS and GOTS solutions
Strong communication and documentation skills
Flexible and able to adapt to a rapidly changing environment
Positive, self-motivated individual who can complete tasks independently
Working knowledge of system functions, security policies, and operational security measures
BENEFITS
In addition to compensation, York Space Systems offers a comprehensive benefits package including medical, dental, and vision insurance along with PTO and a 401K.
HOW TO APPLY
Interested candidates are encouraged to apply by clicking the “Apply for this position” link below. York Space Systems will be accepting applications on a rolling basis until the position is closed.
York Space Systems provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type. Must have permanent authorization to work in the United States. This policy applies to all terms and conditions of employment. YORK SPACE SYSTEMS IS AN EEO EMPLOYER.