Future Technologies Inc.
Cyber Information System Security Officer
Future Technologies Inc., King George, Virginia, United States, 22485
Cyber Information System Security Officer
The Cyber ISSO will provide IA support for the development and tactical hardware suites of equipment for programs and products, including laboratory/land-based systems and operational afloat systems. This support includes coordination of system patching, user management, log management, and respective authorization/assessment documentation preparation and review. In addition, the Cyber ISSO will:
Assist in the preparation of the authorization documentation for submission to the respective Information Systems Security Manager (ISSM) or other program specific Designated Approving Authority (DAA), utilizing the appropriate DoD Accreditation standards, policies, and directives.
Develop IA/cybersecurity guidelines and standard operating procedures (SOPs). Analyze policies, regulations, and system provisions governing standard operating systems. Assist and advise users of policies, regulations, and system provisions for the standard operating systems.
Validate and verify system security requirements/controls and coordinate integration of system security capabilities for various environments.
Observe, test, and monitor changes in information systems that might affect the security posture. As the ISSO, the candidate shall perform configuration management for information system security software, hardware, and firmware, and manage changes to systems, assessing their security impact. Additionally, notify ISSM on cybersecurity issues affecting IT systems and software they are assigned to support.
Develop, update, and/or review RMF documentation to include the System Security Plan (SSP), Security Control Traceability Matrix (SCTM), Plan of Action and Milestone (POA&M), Risk Assessment Report (RAR), and Security Assessment Plan (SAP).
Perform annual security reviews, annual testing of security controls, and annual testing of the contingency plan, in line with FISMA requirements. Familiarity with updating PIA forms annually and e-Authentication every three years, or sooner if needed.
Independently prepare and review security documentation, including System Security Plans (SSPs) and Assessment Only/Authorization packages. Independently prepare, review, and update authorization packages.
Perform and review technical security assessments to identify vulnerabilities and ensure compliance with information assurance (IA) standards and regulations. This includes vulnerability status tracking and reporting in DoD systems.
Requirements:
DOD 8140 certification at IAT Level II certification (e.g., Security+ CE, CySA+, CCNA Security, GSEC) or ability to obtain.
Minimum of eight (8) years of experience in Information Assurance, Computer Security, or Risk Management Framework for Department of the Navy systems as an ISSO or Information System Security Engineer (ISSE).
Strong technical knowledge with 8+ years of Linux and Windows commands and utilities.
Experience with Microsoft Visio or Cameo to update system diagrams and defense-in-depth diagrams.
Ability to review and update diagrams to accurately reflect system changes.
Knowledge of DoD-approved cybersecurity concepts and tools including DISA STIGs and Assured Compliance Assessment Solution (ACAS) scans in support of system vulnerability management and reporting.
Knowledge and expertise in DoD-approved cybersecurity concepts and tools including DISA STIGs, Security Content Automation Protocol (SCAP) Compliance Checker, Evaluate-STIG, eMASS, ACAS Scans, and Security Center in support of system vulnerability management and reporting. This includes reviewing IAVMs/IAVAs, tracking vulnerability status and reporting in DoD systems. Additionally, able to register new systems and maintain systems in eMASS.
Demonstrated experience with Risk Management Framework and Platform Information Technology (PIT) systems.
Excellent written and verbal communication skills along with ability to interface with project lead, software developers, system integrators, and system administrators.
Experience with scanning containers (e.g., Podman and Docker) using Anchore Grype.
Experience using Anchore Syft to generate a Software Bill of Material (SBOM) from container images and filesystems.
Active Secret security clearance.
Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law. U.S. Citizenship may be required for certain positions.
If you need a reasonable accommodation for any part of the employment process, please send an e‑mail to recruiting@ftechi.com and let us know the nature of your request and your contact information. Reasonable accommodations are considered on a case‑by‑case basis.
#J-18808-Ljbffr
Assist in the preparation of the authorization documentation for submission to the respective Information Systems Security Manager (ISSM) or other program specific Designated Approving Authority (DAA), utilizing the appropriate DoD Accreditation standards, policies, and directives.
Develop IA/cybersecurity guidelines and standard operating procedures (SOPs). Analyze policies, regulations, and system provisions governing standard operating systems. Assist and advise users of policies, regulations, and system provisions for the standard operating systems.
Validate and verify system security requirements/controls and coordinate integration of system security capabilities for various environments.
Observe, test, and monitor changes in information systems that might affect the security posture. As the ISSO, the candidate shall perform configuration management for information system security software, hardware, and firmware, and manage changes to systems, assessing their security impact. Additionally, notify ISSM on cybersecurity issues affecting IT systems and software they are assigned to support.
Develop, update, and/or review RMF documentation to include the System Security Plan (SSP), Security Control Traceability Matrix (SCTM), Plan of Action and Milestone (POA&M), Risk Assessment Report (RAR), and Security Assessment Plan (SAP).
Perform annual security reviews, annual testing of security controls, and annual testing of the contingency plan, in line with FISMA requirements. Familiarity with updating PIA forms annually and e-Authentication every three years, or sooner if needed.
Independently prepare and review security documentation, including System Security Plans (SSPs) and Assessment Only/Authorization packages. Independently prepare, review, and update authorization packages.
Perform and review technical security assessments to identify vulnerabilities and ensure compliance with information assurance (IA) standards and regulations. This includes vulnerability status tracking and reporting in DoD systems.
Requirements:
DOD 8140 certification at IAT Level II certification (e.g., Security+ CE, CySA+, CCNA Security, GSEC) or ability to obtain.
Minimum of eight (8) years of experience in Information Assurance, Computer Security, or Risk Management Framework for Department of the Navy systems as an ISSO or Information System Security Engineer (ISSE).
Strong technical knowledge with 8+ years of Linux and Windows commands and utilities.
Experience with Microsoft Visio or Cameo to update system diagrams and defense-in-depth diagrams.
Ability to review and update diagrams to accurately reflect system changes.
Knowledge of DoD-approved cybersecurity concepts and tools including DISA STIGs and Assured Compliance Assessment Solution (ACAS) scans in support of system vulnerability management and reporting.
Knowledge and expertise in DoD-approved cybersecurity concepts and tools including DISA STIGs, Security Content Automation Protocol (SCAP) Compliance Checker, Evaluate-STIG, eMASS, ACAS Scans, and Security Center in support of system vulnerability management and reporting. This includes reviewing IAVMs/IAVAs, tracking vulnerability status and reporting in DoD systems. Additionally, able to register new systems and maintain systems in eMASS.
Demonstrated experience with Risk Management Framework and Platform Information Technology (PIT) systems.
Excellent written and verbal communication skills along with ability to interface with project lead, software developers, system integrators, and system administrators.
Experience with scanning containers (e.g., Podman and Docker) using Anchore Grype.
Experience using Anchore Syft to generate a Software Bill of Material (SBOM) from container images and filesystems.
Active Secret security clearance.
Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law. U.S. Citizenship may be required for certain positions.
If you need a reasonable accommodation for any part of the employment process, please send an e‑mail to recruiting@ftechi.com and let us know the nature of your request and your contact information. Reasonable accommodations are considered on a case‑by‑case basis.
#J-18808-Ljbffr