UIC Government Services and the Bowhead Family of Companies
Information System Security Officer
UIC Government Services and the Bowhead Family of Companies, Colorado Springs, Colorado, United States, 80509
Overview
Bowhead seeks an Information System Security Officer to support our customer on the PICRD II contract in Colorado Springs, CO.
Responsibilities
Contribute to planning, assessment, risk analysis, risk management, certification, and awareness activities for system and networking operations.
Act as alternate COMSEC Responsible Officer (CRO), as designated by ISSM, and manage any additional sub-account users as required.
Assist in ensuring all classified and controlled systems comply with government-defined security requirements and federal regulations.
Support the functions of SL-ISSM and SL-ISSO for HQ USSPACECOM sponsored projects up to Top Secret Collateral classification, including SAPs.
Ensure system authorization packages consider requirements from government agencies and system stakeholders.
Support HQ USSPACECOM Joint Cyber Cell (JCC) in complying with cyber tasking orders and IA/cybersecurity programs.
Assist in vulnerability testing and risk analysis as part of DoD and Air Force authorization processes.
Identify and implement security hardening and corrective actions for hardware, software, applications, and business management procedures.
Ensure proper implementation of corrective actions and support planning/execution of risk management activities.
Baseline and improve USSPACECOM risk and security posture, including threat updates, security configuration control, and system security review for software/system purchases and integration.
Review Cybersecurity Network Defense (CND) tool reports and work with USSPACECOM Government Cyber leadership on RMF packages and ATO status updates.
Provide updates for monthly documentation on system status, cybersecurity posture, and executive status briefings.
When ISSM is not available, participate in the Cybersecurity Working Group (CSWG).
Assist in development, implementation, oversight, and maintenance of an organization cybersecurity program.
Assist to administer the cybersecurity program, enforce cybersecurity policies/procedures, and ensure all users have requisite security clearances and cybersecurity training.
Ensure users receive cybersecurity refresher training annually and maintain required countermeasures and compliance measures.
Assist with implementation and compliance measures IAW DoDI 8010.01, DoDI 8510.01, DoDI 8500.01, AFMAN 17-130, and AFI 10-712.
Initiate requests for exceptions, deviations, or waivers to cybersecurity requirements and criteria.
Support and coordinate with the Data Custodian and Government Project Owner/Manager for information security risk management.
Maintain current system information in the approved RMF accreditation system and conduct hardware/software inventory assessments.
Provide initial and recurring A&A Interim Authority to Test (IATT) and Authority to Connect (ATO) packages.
Ensure RMF and ATO packages are complete, accurate, and ready for Command ISSM and AO review.
Assist with assessments by the Defense Industrial Base Cybersecurity (DIB CS)/Cybersecurity office.
Review the audit trail of systems weekly for abnormal activities and provide requested metrics at least once per month.
Support with NOTAMs, IAVAs, and other security/vulnerability advisories.
Qualifications
BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE institution.
Over four years of technical experience.
Meets the Core and Additional Knowledge, Skills, and Abilities Tasks (KSATs) defined in the DCWF for Work Role 612 (NIST: SP‑RM‑002).
Experience performing as a COMSEC Responsible Officer (CRO). Experience creating messages required, for the COMSEC controlling authority’s approval, to obtain NSA’s approval to issue Keying Material (KEYMAT).
Experience keying, configuring, initializing and operating COMSEC equipment, troubleshooting system failures.
Experience conducting vulnerability testing and analysis on DoD networks.
Experience developing RMF packages and conducting ATO status updates, including drafting of Assessment and Authorities (A&A) Interim authority to Test (IATT) and Authority to Connect (ATC) packages.
Experience with COMSEC, Computer Security (COMPUSEC), and TEMPEST.
Experience on Notice to Airman (NOTAM) and Information Assurance Vulnerability Alert (IAVA) and security/vulnerability advisories.
Certification Requirements
Required: CompTIA Security+
Desired: CASP+, Cloud+, GSEC, PenTest
Security clearance required: Must currently hold a Top Secret security clearance with SCI eligibility.
Physical Demands
Must be able to lift up to 25 pounds.
Must be able to stand and walk for prolonged amounts of time.
Must be able to twist, bend and squat periodically.
Compensation & Location Annual salary: USD $125,000 – $135,000. Location: Colorado Springs, CO.
Travel Requirement Less than 10% travel.
Benefits Bowhead offers competitive benefits including medical, dental, vision, life insurance, accidental death and dismemberment, short‑ and long‑term disability, and a 401(k) retirement plan. Paid time off is available for eligible full‑time employees.
Join our Talent Community Join our Talent Community (https://talentconnect.uicalaska.com/government-services/talentcommunity) to receive updates on new opportunities and future events.
Equal Opportunity Statement UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics. This statement complies with applicable laws including the Alaska Native Claims Settlement Act.
Applicants may be subject to a pre‑employment drug & alcohol screening and/or random drug screen.
All candidates must apply online at www.uicalaska.com. Submit a completed application for all positions. If there are significant changes, contact a UIC HR Recruiter. For individuals who cannot complete an online application, contact UIC Human Resources for assistance (https://uicalaska.com/careers/recruitment/). In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance.
The contractor will not discriminate against employees or applicants because they have inquired about pay or disclosed the pay of others. However, employees with access to compensation information must not disclose pay to unauthorized individuals, unless required by law, a formal complaint, or investigation (41 CFR 60‑1.35(c)).
#J-18808-Ljbffr
Responsibilities
Contribute to planning, assessment, risk analysis, risk management, certification, and awareness activities for system and networking operations.
Act as alternate COMSEC Responsible Officer (CRO), as designated by ISSM, and manage any additional sub-account users as required.
Assist in ensuring all classified and controlled systems comply with government-defined security requirements and federal regulations.
Support the functions of SL-ISSM and SL-ISSO for HQ USSPACECOM sponsored projects up to Top Secret Collateral classification, including SAPs.
Ensure system authorization packages consider requirements from government agencies and system stakeholders.
Support HQ USSPACECOM Joint Cyber Cell (JCC) in complying with cyber tasking orders and IA/cybersecurity programs.
Assist in vulnerability testing and risk analysis as part of DoD and Air Force authorization processes.
Identify and implement security hardening and corrective actions for hardware, software, applications, and business management procedures.
Ensure proper implementation of corrective actions and support planning/execution of risk management activities.
Baseline and improve USSPACECOM risk and security posture, including threat updates, security configuration control, and system security review for software/system purchases and integration.
Review Cybersecurity Network Defense (CND) tool reports and work with USSPACECOM Government Cyber leadership on RMF packages and ATO status updates.
Provide updates for monthly documentation on system status, cybersecurity posture, and executive status briefings.
When ISSM is not available, participate in the Cybersecurity Working Group (CSWG).
Assist in development, implementation, oversight, and maintenance of an organization cybersecurity program.
Assist to administer the cybersecurity program, enforce cybersecurity policies/procedures, and ensure all users have requisite security clearances and cybersecurity training.
Ensure users receive cybersecurity refresher training annually and maintain required countermeasures and compliance measures.
Assist with implementation and compliance measures IAW DoDI 8010.01, DoDI 8510.01, DoDI 8500.01, AFMAN 17-130, and AFI 10-712.
Initiate requests for exceptions, deviations, or waivers to cybersecurity requirements and criteria.
Support and coordinate with the Data Custodian and Government Project Owner/Manager for information security risk management.
Maintain current system information in the approved RMF accreditation system and conduct hardware/software inventory assessments.
Provide initial and recurring A&A Interim Authority to Test (IATT) and Authority to Connect (ATO) packages.
Ensure RMF and ATO packages are complete, accurate, and ready for Command ISSM and AO review.
Assist with assessments by the Defense Industrial Base Cybersecurity (DIB CS)/Cybersecurity office.
Review the audit trail of systems weekly for abnormal activities and provide requested metrics at least once per month.
Support with NOTAMs, IAVAs, and other security/vulnerability advisories.
Qualifications
BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE institution.
Over four years of technical experience.
Meets the Core and Additional Knowledge, Skills, and Abilities Tasks (KSATs) defined in the DCWF for Work Role 612 (NIST: SP‑RM‑002).
Experience performing as a COMSEC Responsible Officer (CRO). Experience creating messages required, for the COMSEC controlling authority’s approval, to obtain NSA’s approval to issue Keying Material (KEYMAT).
Experience keying, configuring, initializing and operating COMSEC equipment, troubleshooting system failures.
Experience conducting vulnerability testing and analysis on DoD networks.
Experience developing RMF packages and conducting ATO status updates, including drafting of Assessment and Authorities (A&A) Interim authority to Test (IATT) and Authority to Connect (ATC) packages.
Experience with COMSEC, Computer Security (COMPUSEC), and TEMPEST.
Experience on Notice to Airman (NOTAM) and Information Assurance Vulnerability Alert (IAVA) and security/vulnerability advisories.
Certification Requirements
Required: CompTIA Security+
Desired: CASP+, Cloud+, GSEC, PenTest
Security clearance required: Must currently hold a Top Secret security clearance with SCI eligibility.
Physical Demands
Must be able to lift up to 25 pounds.
Must be able to stand and walk for prolonged amounts of time.
Must be able to twist, bend and squat periodically.
Compensation & Location Annual salary: USD $125,000 – $135,000. Location: Colorado Springs, CO.
Travel Requirement Less than 10% travel.
Benefits Bowhead offers competitive benefits including medical, dental, vision, life insurance, accidental death and dismemberment, short‑ and long‑term disability, and a 401(k) retirement plan. Paid time off is available for eligible full‑time employees.
Join our Talent Community Join our Talent Community (https://talentconnect.uicalaska.com/government-services/talentcommunity) to receive updates on new opportunities and future events.
Equal Opportunity Statement UIC is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics. This statement complies with applicable laws including the Alaska Native Claims Settlement Act.
Applicants may be subject to a pre‑employment drug & alcohol screening and/or random drug screen.
All candidates must apply online at www.uicalaska.com. Submit a completed application for all positions. If there are significant changes, contact a UIC HR Recruiter. For individuals who cannot complete an online application, contact UIC Human Resources for assistance (https://uicalaska.com/careers/recruitment/). In accordance with the Americans with Disabilities Act of 1990 (ADA), persons unable to complete an online application should contact UIC Human Resources for assistance.
The contractor will not discriminate against employees or applicants because they have inquired about pay or disclosed the pay of others. However, employees with access to compensation information must not disclose pay to unauthorized individuals, unless required by law, a formal complaint, or investigation (41 CFR 60‑1.35(c)).
#J-18808-Ljbffr