The ISSE will work as part of a team reviewing and assessing Risk Management Framework (RMF) authorization body of evidence for classified information systems, to include: System Security Plan (SSP), Security Control Traceability Matrix (SCTM), Continuous Monitoring Plan, Incident Response Plan, Access Control Plan, Security Assessment Plan, etc.
Review new and existing systems for technical compliance with IA directives and protection of data at all classification levels including SCI. Advise on in-depth security design review and threat/risk assessments.
Provide inputs to technical artifacts, including Plans of Action and Milestones (POA&Ms), Security Control Traceability Matrices (SCTM), and Risk Assessment Reports (RARs).
Conduct site visits and assessments to inspect IA plans and security control implementations and support Incident Response Team (IRT) activities.
This position will work in a Government Program Management Office as part of a Cyber Security SETA team.
DoD 8570 IAT Level II certification or higher (Sec+, CISSP, CASP, etc.)
5+ years of implementing NIST 800-53, Rev 4 and the Risk Management Framework (RMF)
5+ years of experience with Windows and Linux environments.
5+ years of experience with virtualization or cloud environments.
2+ years of using information security and assurance practices and principles.
Bachelor's Degree in Cyber Security, Computer Science, Information Technology, or related field
Other Security related certification (Cloud, SIEM, forensics, Linux, Windows, etc)
Experience working in a DevSecOps project environment.
Formerly or currently a system administrator, developer, or engineer.
Experience with MS Active Directory, Splunk, ACAS/Nessus, McAfee, Windows, Linux, AWS Security, etc.
Strong verbal and written communication skills. Able to engage with users in a professional manner and present technical concepts plainly to semi-technical customers. Ability to interface with seasoned Government personnel.
Ability to work in a matrixed team environment and support multiple different efforts as needed.
Desire to learn new technologies and tools and willing to share your experience with the team