Mid Information Systems Security Officer

Belay Technologies has been voted Baltimore Business Journal's (BBJ) Best Places to Work 2019, runner up in 2020 and a finalist in 2021! 

Belay Technologies is seeking a Mid Information Systems Security Officer. The Information Systems Security Officer (ISSO) shall provide support for a program, organization, system, or enclave’s information assurance program. The ISSO provides support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies. Maintains operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed. Assists with the management of security aspects of the information system and performs day-to-day security operations of the system. Evaluate security solutions to ensure the y meet security requirements for processing classified information. Performs vulnerability/risk assessment analysis to support certification and accreditation. Provides confirmation management (CM) for information system security software, hardware, and firmware. Manages changes to system and assesses the security impact of those changes. Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs). Supports security authorization activities in compliance with National Institute of Standards and Technology Risk Management Framework (NIST RMF).The Information Systems Security Officer (ISSO) shall provide support for a program, organization, system, or enclave’s information assurance program. The ISSO provides support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies. Maintains operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed. Assists with the management of security aspects of the information system and performs day-to-day security operations of the system. Evaluate security solutions to ensure the y meet security requirements for processing classified information. Performs vulnerability/risk assessment analysis to support certification and accreditation. Provides confirmation management (CM) for information system security software, hardware, and firmware. Manages changes to system and assesses the security impact of those changes. Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs). Supports security authorization activities in compliance with National Institute of Standards and Technology Risk Management Framework (NIST RMF).
 

Candidates should have the following qualifications:

• TS/SCI with polygraph is required.
• Ten (10) years’ experience as an ISSO on programs and contracts of similar scope, type, and complexity is required. Experience is to include at least two (2) of the following areas: knowledge of current security tools, hardware/software security implementation; communication protocols; and encryption techniques/tools. Bachelor’s degree in Computer Science or related discipline from an accredited college or university is required. DoD 8570 compliance with Information Assurance Management (IAM) Level 1 or higher is required. Four (4) years of additional ISSO experience may be substituted for a bachelor’s degree.
   

Candidates are required to have the following skills:

• Provide support to senior ISSOs for implementing, and enforcing information systems security policies, standards, and methodologies. 
• Assist with preparation and maintenance of documentation
• Assist in the evaluation of security solutions to ensure they meet security requirements for processing classified information.
• Assist with the CM for information system security software, hardware, and firmware. 
• Maintain records on workstations, servers, routers, firewalls, intelligent hubs, network switches, etc. to include system upgrades. 
• Propose, coordinate, implement, and enforce information systems security policies, standards, and methodologies. 
• Develop and maintain documentation for C&A in accordance with ODNI and DoD policies
• Provide CM for security-relevant information systems software, hardware, and firmware
• Develop system security policy and ensure compliance
• Evaluate security solutions to ensure they meet security requirements for processing classified information
• Maintain operational security posture for an information system or program
• Provide support to the Information System Security Manager (ISSM) for maintaining the appropriate operational IA posture for a system, program, or enclave
• Develop and update the system security plan and other IA documentation
• Assist with the management of security aspects of the information system and perform day-to-day security operations of the system
• Administer the user identification and authentication mechanism of the Information System (IS)
• Obtain C&A for ISs under the purview
• Provide support for a program, organization, system, or enclave’s information assurance program
• Plan and coordinate the IT security programs and policies
• Manage and control changes to the system and assessing the security impact of those changes
• Serve as the Approval Authority for ISs under their control
   
• ISSO to support the Transformation Solutions Branch for the Data Normalization & Automation (DNA) TTO. The responsibilities will include maintaining 3 SSPs, coordinating patching processes between development tools and SA teams, review daily audit logs, troubleshooting entitlement issues, and reviewing and updating security controls. Must be familiar with the customers security workflow process.
  Required Skills:
  • Tech Requirement Security+
  • Experience with XACTA, LATTEART, BISCOTTI, CIVET, DARKROAST, CYBORGBUNNY
  • Experience with GATEKEEPER and the entitlement process
  • Writing/updating SSPS
  • Track IAVAs
  • Generate BISCOTTI POA&Ms

Additional desired skills:
• Tech Requirement CISSP, CAP CASP
• Familiar with Nessus Can Results
• Write/Update SECCONOP
• Draft Systems Boundary/Dataflow Diagrams
• Developing a patching process between SA & Development teams

Belay Technologies is a Service Disabled Veteran Owned Small Business located in Columbia Maryland. Belay specializes in systems automation and full stack development. Belay Technologies provides leading technology and engineering solutions to the DoD, as well as state-of-the-art commercial products. We hire software engineers, web designers, test engineers, systems engineers, systems administrators, database engineers and other tech services.  
 

Perks and Benefits: 

• 8 weeks paid leave - 4 weeks of personal leave, 3 Yay! days, take off on your birthday,11 paid holidays and optional leave up to 6 days through Belay's volunteer program 
• 10% matching in 401(k) contributions vested on day one 
• $5,000 annual training/tuition 
• Student Loan Repayment Program 
• 100% company funded HSA 
• Rich medical coverage (100% coinsurance) 
• Dental coverage including orthodontia 
• Up to $420,000 in life insurance, premiums 100% company funded 
• Amazon Prime, gym reimbursement, monthly lunches, games and prizes 
• Pet adoption program, generous referral bonus program, fun events, and more! 

We are a certified Service Disabled Veteran Owned Small Business in the Baltimore/Washington area, and we are an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law. 

Key words: Full Clearance, Fort Meade, SDVOSB, Service-disabled veteran owned small business, DoD, full scope  

Powered by JazzHR

56IUCRC1Va