Job Information
Tau Six Information System Security Officer (ISSO) / Jr. SCA (TS/SCI) in Chantilly, Virginia
Join a fast growing agile small company that delivers cutting edge cybersecurity and system integration services to the US National Security market. We are seeking a motivated self-starter with experience in secure information systems to join a team of security professionals and help defend national security programs.
Security Clearance Requirements: Active Top Secret / SCI Required
This position requires full-time on-site support. This is not a remote position.
Tau Six, an agile small company delivering cutting edge cybersecurity and systems integration services to the US National Security market, has an immediate need for a Information System Security Officer (ISSO) for a Department of Defense customer. In this role you have the opportunity to work with a cross-functional team in multiple technical areas to include operations, engineering, security, and systems development to deliver secure solutions to our national security customers.
The Information Systems Security Officer (ISSO) ensures the appropriate operational security posture is maintained for information systems to include Wide Area Networks (WANs), Local Area Networks (LANs), Cross Domain Solutions (CDSs), and standalone systems. Directs and implements the necessary controls and procedures to cost-effectively protect information systems from intentional or inadvertant modification, disclosure, or destruction. Provides system security plans; change management, security incident response, and information system security documentation, policies, and procedures.
The ISSO is responsible for providing Risk Management Framework (RMF) products that document the information system's adherence to the security controls applied.
Responsibilities:
Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
Participate in in A&A events for external systems as a member of the security control assessment team in support of the senior Security Control Assessor (SCA).
Create and maintain existing information system security documentation, including SSP, SCTM, and Risk Management Framework (RMF) Body of Evidence
Ensure all users have the requisite security clearance, authorization, need-to-know, and are aware of their security responsibilities before being granted access to the system, and periodically thereafter
Write implementation and design documents describing how security features are implemented
Prepare system documentation for assessment in accordance with RMF and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions; track findings with Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance
Create security policies and maintain existing information system security documentation
Conduct periodic and continuous monitoring of the system to ensure compliance with the authorization package
Participate in the change management process, including reviewing Change Requests and assisting in the assessment of security impact of proposed changes
Conduct daily, weekly, and monthly audit review and management of the audit collection system for assigned systems, boundaries, and components
Continuously review and evaluate best practices for implementing a comprehensive audit program
Implement vulnerability management programs, including tracking and addressing IAVAs and security patches, accessing applicability to existing systems, and ensuring closure
Implement media control and data transfer policies
Provide direction and guidance to less experienced cybersecurity personnel
Remain sensitive to security infractions and assist in security investigations and responses as requested
Work on project teams responsible for engineering and packaging releases to integrate within the customer's production IT environment
Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage
Communicate well, both orally and in writing with both government and industry audiences
Qualifications:
4 or more years of experience in Information Security (INFOSEC) operations and/or Cybersecurity-related support.
Graduated with a Associate's Degree (preferably in telecommunications, computer science, information systems management, electrical engineering, computer engineering or similar field of study)
Strong background and extensive experience with RMF, ICD 503, NIST SP800-53, JSIG or DJSIG; knowledge of current authorization practices, particularly within the DoD. Extensive background with DITSCAP/DIACAP may be substituted in some cases.
Experience with security efforts related to modern Windows, Cloud computing, Linux, UNIX, Cisco, SQL or Oracle databases, and virtual computing. This might also include some system administration work with an emphasis on security control implementation
Experience with using vulnerability scanning and audit collection and management products.
DoD 8570.1 / DoD 8140.01 certification (IAT Level III, IAM level II ) required, CAP, CASP, CISSP, or CISM desired
Desired Qualifications:
2 or more years of experience with the Risk Management Framework (RMF) within the Intelligence Community (IC), DoD, and/or Federal Systems community.
OS/CE certificate for Windows 10 and Windows Server 2012/2016 or newer.
OS/CE certificate for Red Hat Enterprise Linux (RHEL).
Security Clearance Requirements: Active Top Secret / SCI Required