Today
Top Secret/SCI
Unspecified
CI Polygraph
IT - Security
Tysons, VA (On-Site/Office)
Description
Responsible for ensuring the security and maintenance of information systems in their assigned programs throughout the Risk Management Framework (RMF) lifecycle, from preparing through decommission, in accordance with Intelligence Community Directives (ICD) and Defense Intelligence Agency (DIA) policies. The ISSM manages and controls changes to the system or application, assesses the potential cybersecurity impact of those changes, and provides technical expertise and continuous monitoring.
Responsibilities:
- Thoroughly document misconfigurations, issues, and vulnerabilities from analyzed systems.
- Properly use XACTA to manage and store all relevant program information, including documentation of risk assessments, security control implementations, POA&M tracking, and compliance status.
- Monitor and track all POA&M items, ensuring that vulnerabilities identified in scans or audits are documented, mitigated, and closed appropriately.
- Collaborate with ISSOs, SCAs, PMs, and other stakeholders by providing necessary guidance and clarifications.
- Act as a cyber security representative of the DoD.
Requirements
- TS/SCI (able to obtain and maintain a CI Poly)
- B.S. degree and 4+ years of experience, or A.S. degree and 6+ years of experience, or no degree with 8+ years of experience.
- Senior knowledge and hands-on experience with RMF, NIST 800-series guidelines, FIPS, Security Assessment & Authorization (SA&A) requirements and processes, Continuous Monitoring Framework experience and its tools, Plan of Action & Milestones (POA&M) policies, and vulnerability/patch management.
- Experience using a Cyber Risk Management Platform (e.g., XACTA/eMASS) for Workflow Automation, Compliance Standards, RMF, and Continuous Monitoring.
- Solid interpersonal and communication skills to interact with various stakeholders and team members effectively.
- Expert hands-on experience interpreting compliance and vulnerability scanning tool reports (XACTA, STIGs, ACAS, PRISMA, Splunk, Trellix (HBSS), and/or other vulnerability scanners).
- Exhibit problem-solving skills and the ability to think analytically.
- Some experience leading security projects and initiatives.
- Team-player with collaboration qualities and experience working in mixed technical teams.
Candidates must hold at least one of the following certifications:
CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, or CCSP.