Job Requirements
Warrenton, VA
Top Secret/SCI Polygraph not specified
Mid Level Career (5+ yrs experience)
$150,000 - $165,000
Job Description
In support of a challenging, critical, and rewarding program that provides integrated voice, video, and data services throughout the Information Technology lifecycle, Amentum is seeking a Senior Information System Security Officer to join our dynamic team of IT professionals dedicated to fostering a positive and collaborative work environment. You must be a critical thinker, have a strong work ethic, and be able to work independently or as a member of a team in a dynamic environment. We value candidates who are detail-oriented while also being able to think and react quickly to emerging and unique problem sets. To be successful, you must be able to rapidly adapt and learn how to operate the front and back end of new products and processes.
Work Schedule:
• 5 Days (Mon – Fri); 8 hrs/Day; 40 hrs/wkly
Essential Responsibilities:
The duties and responsibilities of the Senior Information System Security Officer include, but are not limited to the following:
• Generate and maintain the complete security Body of Evidence (BoE) while leading the A&A activities according to the Risk Management Framework (RMF) processes (ICD 503, CNSSI-1253, NIST 800-37, NIST 800-53, etc.) for all multiple information systems.
• Lead the development and maintenance of information security policies, standards, and control procedures to enable compliance with RMF.
• Complete Security Authorization packages, to include System Security Plans, Security Assessment Reports, POA&M summaries, and a Continuous Monitoring Plan/assessment schedule within XACTA, and present executive briefings to senior management.
• Conduct thorough auditing of security information and events utilizing advanced tools like Splunk and NESSUS to detect and mitigate potential threats, ensuring the integrity of the enterprise.
• Ensure security risk assessments are conducted as appropriate on any system upgrades, software/hardware changes, etc.
• Ensure security authorization boundaries are properly defined and captured in the system security plans, and that all interconnection agreements are in place and current.
• Ensure system security controls contain accurate implementation statements and assessment results, and that appropriate artifacts are completed to support findings; provide hands-on assistance as appropriate.
• Ensure POA&Ms have appropriate milestones, accurate description of the weaknesses and remediation, estimated cost and realistic due dates providing hands-on assistance to components as necessary.
• Maintain day-to-day security posture and continuous monitoring of all Information Systems.
• Review system vulnerability scans, verify implementation of DISA STIGs, and ensure other security relevant information system configuration tasks are completed.
• Perform test/evaluation of required technical security controls including performing certification tests and periodic inspections of information systems.
• Develop and conduct test procedures for verification A&A, RMF safeguards to meet customer requirements based NIST publications.
• Assess changes to an IS by performing periodic self-inspections, tests, and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed; ensure corrective actions are taken for identified findings and vulnerabilities.
Work Environment, Physical Demands, and Mental Demands:
• Minimum Requirements (Knowledge, Skills, and Abilities):
• Must have active Top-Secret clearance with SCI or TS with the ability to acquire SCI
• 8 years of relevant experience
• In-depth knowledge of Microsoft Windows OS (client and server) and familiarity with Red Hat Enterprise Linux (RHEL).
• Experience with security configurations across multiple operating systems in various environments, to include Windows and Linux, utilizing Active Directory/Group Policy
• Experience in the development of technical documentation to include artifacts required to support Assessment and Authorization (A&A) under the Risk Management Framework
• Experience with XACTA, ACAS/NESSUS, Trellix, and Splunk
• Experience with DISA STIGs and DISA Viewer
• Experience with risk
• 2 years of knowledge and experience with NESSUS/ACAS and Trellix administration
• Must be able to work a 40-hour work week, normally Monday through Friday.
• Ability to work overtime during critical peaks and be available to meet last minute requests for overtime if needed.
• Ability to travel (5-10%) primarily within 75 miles.
• Familiarity with MS Office applications such as Excel, Word, Outlook, SharePoint, Project, and Visio.
• Exceptional attention to detail; excellent verbal and written communication skills; strong critical thinking, organizational, time-management, and problem-solving skills.
• Ability to work both independently and as part of a team in a dynamic environment.
Security Clearance Required:
• Must have active Top-Secret clearance with SCI or TS with the ability to acquire SCI
Minimum Education:
• Bachelor’s degree in IT related field
Minimum Years of Experience:
• 8 years of relevant experience
Required Certifications:
Must have or be able to obtain one of the following 8140 IA Technical Level III baseline certifications before start date:
• Level III certs include – CASP CE, CCNP, CISA, CISSP (or Associate)
Preferred Qualifications:
• Previous supervision and/or participation with Cybersecurity Assessments and Authorizations
• Familiarity and the ability to aid with the cybersecurity tools such as ForeScout, Ivanti, and Trellix
Work Schedule:
• 5 Days (Mon – Fri); 8 hrs/Day; 40 hrs/wkly
Essential Responsibilities:
The duties and responsibilities of the Senior Information System Security Officer include, but are not limited to the following:
• Generate and maintain the complete security Body of Evidence (BoE) while leading the A&A activities according to the Risk Management Framework (RMF) processes (ICD 503, CNSSI-1253, NIST 800-37, NIST 800-53, etc.) for all multiple information systems.
• Lead the development and maintenance of information security policies, standards, and control procedures to enable compliance with RMF.
• Complete Security Authorization packages, to include System Security Plans, Security Assessment Reports, POA&M summaries, and a Continuous Monitoring Plan/assessment schedule within XACTA, and present executive briefings to senior management.
• Conduct thorough auditing of security information and events utilizing advanced tools like Splunk and NESSUS to detect and mitigate potential threats, ensuring the integrity of the enterprise.
• Ensure security risk assessments are conducted as appropriate on any system upgrades, software/hardware changes, etc.
• Ensure security authorization boundaries are properly defined and captured in the system security plans, and that all interconnection agreements are in place and current.
• Ensure system security controls contain accurate implementation statements and assessment results, and that appropriate artifacts are completed to support findings; provide hands-on assistance as appropriate.
• Ensure POA&Ms have appropriate milestones, accurate description of the weaknesses and remediation, estimated cost and realistic due dates providing hands-on assistance to components as necessary.
• Maintain day-to-day security posture and continuous monitoring of all Information Systems.
• Review system vulnerability scans, verify implementation of DISA STIGs, and ensure other security relevant information system configuration tasks are completed.
• Perform test/evaluation of required technical security controls including performing certification tests and periodic inspections of information systems.
• Develop and conduct test procedures for verification A&A, RMF safeguards to meet customer requirements based NIST publications.
• Assess changes to an IS by performing periodic self-inspections, tests, and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed; ensure corrective actions are taken for identified findings and vulnerabilities.
Work Environment, Physical Demands, and Mental Demands:
• Minimum Requirements (Knowledge, Skills, and Abilities):
• Must have active Top-Secret clearance with SCI or TS with the ability to acquire SCI
• 8 years of relevant experience
• In-depth knowledge of Microsoft Windows OS (client and server) and familiarity with Red Hat Enterprise Linux (RHEL).
• Experience with security configurations across multiple operating systems in various environments, to include Windows and Linux, utilizing Active Directory/Group Policy
• Experience in the development of technical documentation to include artifacts required to support Assessment and Authorization (A&A) under the Risk Management Framework
• Experience with XACTA, ACAS/NESSUS, Trellix, and Splunk
• Experience with DISA STIGs and DISA Viewer
• Experience with risk
• 2 years of knowledge and experience with NESSUS/ACAS and Trellix administration
• Must be able to work a 40-hour work week, normally Monday through Friday.
• Ability to work overtime during critical peaks and be available to meet last minute requests for overtime if needed.
• Ability to travel (5-10%) primarily within 75 miles.
• Familiarity with MS Office applications such as Excel, Word, Outlook, SharePoint, Project, and Visio.
• Exceptional attention to detail; excellent verbal and written communication skills; strong critical thinking, organizational, time-management, and problem-solving skills.
• Ability to work both independently and as part of a team in a dynamic environment.
Security Clearance Required:
• Must have active Top-Secret clearance with SCI or TS with the ability to acquire SCI
Minimum Education:
• Bachelor’s degree in IT related field
Minimum Years of Experience:
• 8 years of relevant experience
Required Certifications:
Must have or be able to obtain one of the following 8140 IA Technical Level III baseline certifications before start date:
• Level III certs include – CASP CE, CCNP, CISA, CISSP (or Associate)
Preferred Qualifications:
• Previous supervision and/or participation with Cybersecurity Assessments and Authorizations
• Familiarity and the ability to aid with the cybersecurity tools such as ForeScout, Ivanti, and Trellix
group id: 91156626
