York Space Systems LLC
York Space Systems LLC, Huntsville, Alabama, United States, 35824
Information Systems Security Officer - Huntsville, Alabama (Active TS/SCI or Higher Required)
York Space Systems is seeking an Information Systems Security Officer (ISSO) to facilitate Authorization & Assessment (A&A) efforts throughout mission systems RMF lifecycle. The selected candidate will lead RMF accreditation efforts, perform tasks including determining DoD requirements, hardware/software configuration management (including baseline configuration), risk assessments/vulnerability assessments, testing and documenting security controls, and ensuring overall compliance with DoD cybersecurity policies. The ideal candidate will have experience as an ISSO or in a security-relevant field, be comfortable operating independently, and be able to interact with customers with minimal ISSM involvement, acting as the face of security for their boundaries. Responsibilities below are inclusive ISSO duties.

Responsibilities
- Oversee day-to-day operations required to perform RMF
- Manage tasks and create deadlines to meet security requirements
- Be forward-facing for customer interactions which translate into system requirements
- Spearhead building RMF packages within eMASS and perform continuous monitoring for the full duration of the information system lifecycle
- Implement the RMF process throughout the entire A&A lifecycle of the system(s) or multiple ATOs across different locations, supporting all efforts pre- and post-ATO determination
- Assist the ISSM in meeting duties to support A&A activities and coordinate with the system’s Security Controls Assessor (SCA) and Authorizing Official (AO)
- Perform and review technical security assessments to identify vulnerabilities, non-compliance with cybersecurity standards/regulations, and recommend mitigation strategies
- Conduct risk analyses from vulnerability, compliance scans, penetration testing results, and other audit activities
- Create and maintain Plan of Action and Milestones (POA&Ms), System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), Standard Operating Procedures (SOPs), Configuration Management Plans, Contingency Plans and Test Result/Security Impact Analyses
- Ensure procedures are in place for clearing, sanitizing, and destroying hardware and media
- Conduct continuous monitoring (ConMon) activities for applicable authorization boundaries
- Apply and maintain up-to-date application of Security Technical Implementation Guides (STIGs) to required components of information systems
- Maintain inventory and asset configuration including change management documentation
- Lead system-level change requests through formalized Configuration Control Boards (CCB)
- Ensure appropriate operational security posture is maintained for the information system, working with the information system owner and the ISSM
- Notify the ISSM when changes occur that might affect the authorization determination
- Advise System Administrators and Network Administrators to remediate system deficiencies
- Report all security-related concerns and incidents to the ISSM
- May handle security concerns in lieu of the ISSM to advise on security in accordance with system procedures

Required Qualifications
- Experience developing and documenting DoD Assessment and Authorization documentation
- Knowledge of CNSSI 1253, NIST 800 Series (primarily 800-53, 800-53A, 800-171), RMF
- 2-5+ years of IA/Cyber Security experience
- Bachelor’s degree or higher in Computer Science or Security
- Security+/CISM certification or equivalent
- Experience with DCSA tools such as eMASS, STIGs and SCAP
- Active Top Secret clearance or higher

Requirements / Preferred Qualifications
- Well-versed with RMF package creation and maintenance artifacts to support A&A decision
- Experience using DISA STIGs, Security Requirements Guides (SRGs), and SCAP to audit and securely configure network-enabled devices
- Fundamental knowledge of DISA Enterprise Mission Assurance Support Service (eMASS)
- Proficient with vulnerability tools and audit review tools (Nessus, Splunk experience preferred)
- Experience conducting risk analysis on products and system components through CVEs, plugins, CWEs
- Experience in software due diligence with COTS and GOTS solutions
- Strong communication and documentation skills
- Flexible and able to adapt to a rapidly changing environment
- Self-motivated and able to complete tasks independently
- Working knowledge of system functions, security policies, safeguards, and operational security measures

Benefits
York Space Systems offers a comprehensive benefits package including medical, dental, and vision insurance along with PTO and a 401K.

How To Apply
Interested candidates are encouraged to apply by clicking the “Apply” link at the top of the page. York Space Systems will be accepting applications on a rolling basis until the position is closed. York Space Systems provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, military or protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Must have permanent authorization to work in the United States. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. YORK SPACE SYSTEMS IS AN EEO EMPLOYER.