CLOSED - 2609 - Information Systems Security Officer > Chantilly > Joboolo FR :
Société : Procession Systems Lieu : Chantilly Hauts-de-France
OVERVIEW:
Our customer requires assistance in establishing a robust enterprise-wide Privileged Access Management architecture across 3 networks to ensure 2-factor authentication requirements are met for its privileged users.
A successful candidate will serve as the Information System SecurityOfficer.
The position requires a deep understanding of the ICD-503 RMF framework with the expectation to support system administration duties as required.
This drives a requirement for deep understanding of the overall system, its COTS, and underlying Operating Systems in order to be able to perform both system administration, operations leadership, and A&A duties.
This position will have the ability to sit either in the Springfield or Chantilly location.GENERAL DUTIES:
Coordinate and maintain at least 9 SPIDs, following all ConMon processes and possibly more for other contracts As required by Bana Solutions, coordinate and maintain the SPID of other Bana Solutions systemsPOA&M status and coordination, to include dates to complete, status, and POA&M Verification Reports (PVRs)Provide leadership to the project/program team in determining client requirements and translating requirements into operational plansParticipate in team problem solving efforts and offer ideas to solve client issuesProviding leadership in project/program requirements, scope, and change management issuesIdentify opportunities for efficiencies in work processes and innovative approaches to completing scope of workMaintain responsibility for completion and accuracy of work productsReview and update security documentation such as that listed below to meet ICD 503, CNSSI 1253, NIST SP 800-37 and other applicable federal requirements:
System Security PlansSecurity Controls Traceability Matrix (SCTM)CONOPS/SECONOPSRisk Assessment ReportsPlan of Action and Milestones (POA&Ms)Interconnection AgreementsRisk Assessment ReportsContingency PlansSecurity Assessment ReportsReview policies and procedures as required for various security controls identified in the Security Controls Traceability Matrix (SCTM)Conduct reviews and validations of system configurations in accordance with applicable guidelines (i.e.
customer, DISA STIGS and CIS Benchmarks).Work with program and stakeholder to gather and define requirements for the evolution and growth of the PAM architecture.Perform system administration duties on the PAM platform, to include among other things:
Windows Server 2016Red Hat Enterprise LinuxIdentify risks by role, software, information type, and other categories and define acceptable and mitigation strategies.
Oversee training, policies, and practices, including audits, to ensure systems are securely operated.
Document and communicate policies, queries, vulnerabilities, and current state of the system.
Assist with regulatory and data transfer procedures.
Implement and monitor informationsecurity requirements, policies, and complianceOperational AnalyticsMaintain and operate the analytics stack on SBU and SCI to ingest and display metrics across:
Shield usage, to include logins, PSM connections, Password shows, etc.
and trends over timeOps Tracker data, namely user issues, and trends over timeShield system health script database data and trends over timeIAVA scan results and trends over timeSTIG scan results and trends over timePOA&M report results and trends over timeREQUIRED QUALIFICATIONS:
BS degree and 5 years of prior relevant experienceMinimum of 5 years' hands-on experience on DOD projects in a cybersecurity role.2 years of experience in performing as an ISSO on DOD projectsExperience with network and network security assessments and documenting the results using NIST SP 800-53A, completing security plans and recommending Security Controls for Federal InformationSystemsDocumenting recommendations to correct security weaknesses resulting from security assessments and tracking implementation of corrective actionsDeveloping network and network security policies and system security documentation and proceduresStrong communication skills, both verbal and writtenAbility to quickly learn new software and IT conceptsICD-503 and NIST 800-53 security controlsProficiency in ACAS/NESSUS, SCAPExperience with the DoD Information Assurance Vulnerability Management (IAVM) ProgramDESIRED QUALIFICATIONS:
Strong collaboration skillsAbility to quickly learn new software and IT conceptsAble to make decisions and progress with ambiguous information and imperfect knowledgeStrong sense of ownership, urgency and driveCLEARANCE:
Top Secret minimum â? ProcessionSystems ChantillyHauts-de-France IT Expérience souhaitée
