Information Security System Officer

Key Responsibilities

Operations Support

• Review user requests in conjunction with ISSM and System Administrators to determine security impacts of software additions or configuration changes to systems.
• Onboard users to systems, including development and delivery of training and briefings of Roles and Responsibilities operating on systems.

Risk Management and Assessment

• Conduct regular risk assessments and vulnerability assessments to identify potential security threats.
• Implement risk mitigation strategies and manage the risk management framework.

Continuous Monitoring and Audit Management

• Prepare for and execute both self-assessments and external assessments with Government Security Control Assessors in support of achieving and maintaining CMMC accreditation.
• Execute Continuous Monitoring activities of employed security controls to ensure comprehensive and effective implementation over time, including but not limited to analyzing user/system audit logs, malware protections, vulnerability reporting, and access reviews.

Incident Response and Management

• Develop and maintain an Incident Response Plan, partnering with Government Customers/Prime/Subcontractors for reporting procedures.
• Lead incident response activities, including investigation, containment, and remediation of security incidents.
• Investigate and adjudicate SIEM events.

System Security Plans (SSPs)

• Maintain System Security Plans and collecting all required artifacts (Compliance and Vulnerability reports, documented Policies/Procedures, etc.).
• Ensure that SSPs are regularly reviewed, updated, and compliant with regulatory requirements.

Collaboration and Communication

• Work closely with System Administrators, compliance, and other departments to ensure cohesive and comprehensive security strategies.
• Serve as a point of contact for security-related issues and provide guidance and support to other teams.

Continuous Improvement

• Stay up-to-date with the latest security trends, technologies, and regulatory requirements.
• Continuously improve security measures and processes to protect information systems effectively.

Qualifications

Requirements

• US Citizenship
• Eligibility for a US Government Security Clearance
• Bachelor's degree in Information Security, Computer Science, or a related field
• 2+ years of experience in information security, working with Federal Regulations
• Proven experience in leading the management and implementation of an Information Security Program
• Strong understanding of security frameworks and standards for NIST SP 800-171 and DevSecOps
• Proficiency in security tools and technologies, such as SIEM, IDS/IPS, STIG Hardening, and vulnerability management solutions
• Exposure to technologies and concepts including Kubernetes Containerization, AWS GovCloud Environments and Tooling, CI/CD pipelines, and Secure Network Architecture
• Excellent communication and interpersonal skills
• Strong analytical and problem-solving abilities
• Ability to manage multiple projects and priorities in a fast-paced environment

Nice-to-Haves

• Experience with CMMC 2.0 accreditation
• Experience with Controlled Unclassified Information (CUI) protection