Cyber Security Specialist/ISSM at Apogee Research
Apogee Research · Arlington, United States of America · Onsite
- Senior
- Optional office in Arlington
Cyber Security Specialist
Information Systems Security Manager (ISSM)
Apogee Research brings cutting-edge research into practice for the DoD community. We blend agility with rigor to develop new technologies and transition them into operational use. Founded in 2012, Apogee Research brings together cross-discipline teams to solve difficult and often deemed impossible problems across a range of different technical domains. At Apogee Research we work hard, we get things done, and we do it together.
Apogee Research is seeking an experienced, highly motivated, and organized Information System Security Manager (ISSM) with a demonstrated capability of working within executive-level DoD multi-level security environments.
The ISSM will report directly to the Chief Financial Officer and provide comprehensive information systems security support to our Department of Defense customer. The ISSM will be responsible for providing day-to-day system security operations by ensuring that operational security is maintained for the information system. The ISSM will also be responsible for maintaining effective communications with the Information System Owner, Authorizing Official (AO) or Delegated Authorizing Official (DAO), and the Security Control Assessor (SCA). The ISSM must have a working knowledge of system functions, security policies, technical security safeguards, and operational security measures. Additionally, the ISSM must demonstrate self-motivation, initiative, sound judgement, team building skills, and effective communication skills.
The candidate must have a strong working knowledge of NIST SP 800-53 Rev 4/5, NIST SP 800-171, DoD STIG Overlays, and other USG IS/Security-related policies. The ISSM will interface daily with government personnel regarding system security and their requirements. This is an excellent opportunity for an energetic and experienced ISSM who is compliance focused, conscientious, detail-oriented, and enjoys working with a close-knit team.
This job requires final TOP SECRET security clearance. We will only accept candidates that currently have a final TOP SECRET security clearance. All applicants must be a US CITIZEN. This position is full-time, in-person and located in our Arlington, Virginia office.
Key Responsibilities
- Ensure users follow established information security policies and procedures to protect, operate, maintain, and dispose of systems and data in accordance with security policies and practices as outlined in the assessment and authorization document packages.
- Develop, review, maintain and oversee all Information Systems Security Plans (SSPs) for Assessment and Authorization in accordance with DoD-mandated policies.
- Develop and maintain relationships with DoD and Intelligence Community agencies for the purpose of obtaining and maintaining authority to operate (ATO) on Apogee classified systems.
- Work with US Government Security Control Assessors (SCAs) and Authorizing Officials (AOs) to develop a comprehensive Risk Management Framework (RMF) package including System Security Plans (SSPs), Information Continuous Security Monitoring Plans, and a Body of Evidence to support system authorization.
- Configure and secure standalone networked workstations in accordance with the developed SSPs and the Security Control Traceability Matrix (SCTM)
- Track, review, and conduct AIS training
- Identify AIS vulnerabilities and implement countermeasures
- Perform AIS self-inspection; notify the customer when changes occur that might affect AIS authorization
- Perform security audits on all systems under purview to validate proper use; ensure documentation (i.e., training records, system baseline, etc.) is kept current
- Coordinate with program/project stakeholders, the Contract Program Security Officer (CPSO)/Facility Security Officer (FSO) and IT team members to define, implement and maintain an acceptable information systems security posture.
- Ensure procedures are developed and followed for responding to security compliance incidents and investigating and reporting security violations and incidents as appropriate.
- Ensure a Plan of Action and Milestones (POA&M) is maintained for all security-related vulnerabilities and continually update SCAs and AOs as to the current status of planned activities for correcting vulnerabilities associated with required security controls.
Requirements for Position
- Must have active TS clearance and be SCI Eligible at time of appointment
- 8+ years of relevant security experience for large-scale IT and database systems comprised of a multi-tier architecture and the integration of highly complex commercial software products.
- Full-Time, In-Person.
- Have and maintain CompTIA Security+ or CompTIA CySA+.
- In-depth knowledge and experience with technical configuration standards relating to information system security; experience configuring Windows operating systems, experience with server systems, thin client architecture, system virtualization and other related peripherals.
- Experience configuring Linux based systems to conform to selected Security Technical Implementation Guides.
- Extensive knowledge with E requirements as outlined in the NISPOM, RMF JISG, ICD 503, NIST SP 800-53 Rev 4/5, NIST SP 800-171, DoD STIG Overlays, and other USG IS/Security-related policies.
- RMF Training as specified in the DSS Assessment and Authorization Process Manual
- Self-starter, highly motivated, able to multi-task and meet tight deadlines. A strong candidate must have the ability to work well under pressure and deal with changing priorities.
- Must have excellent work habits, including a willingness to work the hours necessary to get the job done.
- Excellent communication skills (oral and written), ability to work in a team environment, and must work well with others.
- Effective at problem-solving and proven ability to cope with conflict, stress and crisis situations.
Strongly Preferred
- Bachelor’s degree in computer engineering, computer science, information systems, or related field of study
- Experience configuring Red Hat, other Linux distributions and Windows based operating systems to conform to selected Security Technical Implementation Guides.
- Knowledge and experience with technical and configuration standards relating to information system security; prefer experience configuring Windows Server operating systems, thin client architecture, system virtualization and other related peripherals.
About Apogee Research
Apogee Research offers a comprehensive benefits package that includes health, dental, vision, life, and disability insurance, FSAs, paid vacation, sick leave, and paid holidays. Conveniently located in Arlington, VA, we are a short walking distance from the Ballston Metro station. We offer the choice of paid garage parking or a contribution towards a transit account.
Apogee Research, LLC is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, parental status, military service, or other non-merit factors.