Information System Security Officer

JOB SUMMARY

The Cyber Specialist position is assigned to a high-profile project / account. Depending on the assignment, this unique cyber specialist role may spend time in one or multiple key areas including: Cyber security, cyber support (e.g. patching servers, firewalls, issue resolution, etc.), networking, and / or other field-based engagement focused on maintaining / expanding client based cyber services. Specific duties / tasks may vary and be documented separately

The position requires the ability to adjust quickly to real-time changing priorities within a complex and fluid environment, in a new and quickly growing sector of the Company. The ideal candidate is service oriented and demonstrates a unique blend of technical mastery, creativity and collaboration. Additionally, candidates must be comfortable trouble-shooting firewalls, servers and technical issues on a daily basis and adhering to industry best practices and lessons learned.

DISTINGUISHING CHARACTERISTICS

Primary job function is management of cyber operations and/or site based cyber function planning and execution. Has limited profit & loss responsibility for direct expenses, all unbilled labor, and operations costs, and manages field supervisory staff. This job description applies only to salaried positions performing essential functions of the nature described, with the authority to make independent choices, free from immediate supervision, in significant matters that affect the business, or to carry out tasks that are directly and closely related to such work, no less than 50% of the time

ESSENTIAL FUNCTIONS

• The functions listed describe the business purpose of this job. Specific duties or tasks may vary and be documented separately. The employee might not be required to perform all functions listed. Additional duties may be assigned, and functions may be modified according to business necessity.
• All assigned duties or tasks are deemed to be part of the essential functions unless such duties or tasks are unrelated to the functions listed, in which case they are deemed to be other (non-essential) functions.
• Employees are held accountable for successful job performance. Job performance standards may be documented separately and may include functions, objectives, duties, or tasks not specifically listed herein.
• In performing functions, duties, or tasks, employees are required to know and follow safe work practices and to be aware of company policies and procedures related to job safety, including safety rules and regulations. Employees are required to notify superiors upon becoming aware of unsafe working conditions.
• All functions, duties, or tasks are to be carried out in an honest, ethical, and professional manner and are to be performed in conformance with applicable company policies and procedures. In the event of uncertainty or lack of knowledge of company policies and procedures, employees are required to request clarification or explanations from superiors or authorized company representatives.

C Y B E R S E C U R I T Y & S U P P O R T

Identify cybersecurity risks through the evaluation of common and technical controls, designing and executing risk assessments and monitoring activities, effective risk identification, reporting and escalation.

Conduct incident response activities: identify threats, detect incidents, protect Client systems against these threats and incidents, respond to discovered incidents and recover Client systems to a known safe state

Implement and uphold controls to grow and elevate Client based Governance, Risk, and Compliance programs. May design, install and manage security mechanisms that protect networks and information systems against hackers, breaches, viruses, and spyware.

Work as a Cyber specialist in the field patching Windows and Linux servers, advanced security analysis, firewalls and issue resolution in support of Client systems security.

Remain aware of a constantly changing threat and attack vectors.

Ensure that the information assurance and security policies governing network and desktop operations are maintained; may update existing security and compliance policies. Developing and maintaining all necessary security documentation.

Individually or as a part of a team, identifies and resolves highly complex issues to prevent cyber-attacks on information systems. Works to keep computer information systems secure from interruption of service, intellectual property theft, network viruses, data mining, financial theft, and theft of sensitive customer data.

Support, review and improve existing tactics, techniques and procedures for cyber security processes; provide support and position-based activity related to inspections, audits, investigations, assessments and/or review of Information Assurance/Security programs.

May formally represent the organization during assessments and effectively articulate assessment report results and findings. May coordinate pre-assessment activities: in briefs., daily activities, out briefs and follow-on documentation requirements

May provide input to security planning, assessments and surveys; reviews cyber procedures and communicates requirements and changes to affected personnel as appropriate.

May work with a team to develop cyber security training and awareness for assigned area of responsibility.

May work with Information Security Specialists to access system security posture and remediate vulnerabilities and close identified Plan of Action and Milestones (POA&Ms). Update security documentation as applicable to obtain / maintain Authority to Operate (ATO), work with project teams to collect evidence and remediate findings.

A D D I T I O N A L K E Y S U C C E S S A C T I V I T I E S

• Keeps informed of industry trends through benchmarking, participation in professional associations etc. in order to lead to appropriate solutions.
• Maintains a positive, professional environment in full compliance with applicable laws, regulations, policies and procedures; acts to ensure that employees understand and comply with applicable laws, regulations, policies and procedures.
• Performs additional functions, duties and specific tasks of a similar nature and scope as necessary in order to achieve assigned business objectives.

MINIMUM QUALIFICATIONS AT ENTRY

Additional qualifications may be specified and receive preference depending upon the nature of the position

Basic Qualifications

• Must be a citizen of the United States
• Currently possess at least an active, Secret clearance with an ability to acquire and maintain a Top-Secret Security Clearance.
• Ability to acquire and maintain any other specific special clearances/access requirements.
• At least 18 years of age

Education/Experience

• A Bachelor's degree is preferred, ideally in computer science or equivalent. Relevant technical certifications (e.g. CISA, CISM, CISSP, etc.) and experience may be considered in lieu of a degree.
• At least four years of experience relevant to Cyber security work in a related field or an equivalent combination of education and experience sufficient to perform the essential functions of the job, as determined by the company.
• Additional preferred qualifications include the following: Familiarity with 800-53, 800-171 Frameworks as well as CMMC; familiarity with Certified Ethical Hacking (CEH), Certified Information Systems Security Professional (CISSP) certification
• Information Assurance Certification: DoDI 8570 IAM III certification

Background Prerequisites

• Must undergo and meet company standards for background and reference checks, controlled substance testing, and behavioral selection survey, in addition to any mandatory licensing requirements
• Competencies (as demonstrated through experience, training, and/or testing)
• Strong technical and systems experience in the following areas: Networking, Cyber Security Systems Administration, Information Assurance.
• Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
• Experience with the preparation of RMF documents and procedures
• Knowledge and experience with various operating systems, to include Windows Server 2016 R2, Windows 10 Professional/Enterprise, Linux and Unix.
• Understanding of NIST 800-171, CMMC requirements
• Ability to convey complex technical concepts in easily understandable business terms
• Ability to work both independently and as part of a cohesive, cross-functional team
• Strong ability to communicate effectively in English, both verbally and in writing.
• Strong planning, organization and time management skills.
• Ability to carry out multiple assignments / projects concurrently.
• Ability and willingness to adapt quickly to shifting deadlines and priorities;
• Strong sense of urgency and accountability
• Ability to consistently apply good judgment in problem solving and decision making.
• Ability to interact effectively at all levels and across diverse cultures.
• Ability to maintain professional composure when dealing with unusual circumstances.
• Ability to adapt to changes in the external environment and organization.
• Ability to continuously self-educate and adapt to the changes in related industry and service delivery methods.
• Must be able to work with minimal supervision.
• Must be able to professionally represent our company and our industry. Knowledge of or ability to learn security operations and procedures.
• Ability to provide high quality customer service and service delivery orientation
• Ability to think strategically, synthesize business/financial data, develop innovative solutions and promote legal and ethical practices.
• Ability to conduct counseling in routine disciplinary matters.
• Ability to read, analyze, and interpret various internal and external documents and reports.
• Ability to write reports and correspondence in a clear and concise manner.
• Planning and organizing skills.
• Ability to foster a culture of trust, equal opportunity, teamwork, responsibility, high expectations, and open communication with our internal and external customers and employees.
• Ability to be an effective team leader and positive team member, and handle projects responsibly, take initiative and achieve results.
• Required ability to handle multiple tasks concurrently and with interruption.
• Strong customer and results orientation.
• Ability to travel within assigned geography sufficient to be responsive to employee, client, prospective client, and Company needs.

WORKING CONDITIONS (Physical/Mental Demands)

• With or without reasonable accommodation, requires the physical and mental capacity to perform effectively all essential functions. In addition to other demands, the demands of the job include:
• Maintaining composure in dealing with executives, clients, prospects and staff, in group settings and in situations requiring high performance and results.
• Must undergo and meet company standards for background and reference checks, controlled substance testing, and behavioral selection survey.
• Handling and being exposed to sensitive and confidential information.
• Required ability to handle multiple tasks concurrently.
• Regular use of vehicle required in the performance of duties.
• Regular talking and hearing.
• Close vision, distance vision, and ability to adjust focus.
• Frequent local and regional travel to client sites.
• Frequent lifting and/or moving up to 15 pounds and occasional lifting and/or moving up to 35 pounds.
• Responding on an on-call basis to emergencies and incidents at all hours.

A Word about EEO, Pay Transparency and Other Requirements....

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

VA License Number: 11-4665