AISSO - Cybersecurity Engineer (Sr Level)
Alpha Omega Integration
 Kearneysville, WV

Summary

We are looking for a focused, driven self-starter to work in a highly dynamic, cross-functional, complex IT environment. The Alternate Information System Security Officer (AISSO) will represent the ISSO as the IA liaison to assigned information systems; the candidate will interface with the ISSO, Information System stakeholders, and upstream and downstream assessment stakeholders to perform security duties.

The AISSO is responsible for helping Information Systems achieve and maintain their Authority to Operate (ATO). Information system missions include supporting national security and search and rescue missions. Information systems operate across various technology platforms and environments, including DevOps, cloud, and traditional data center. The AISSO reports directly to the Front Office Project Manager, while independently engaging in enterprise and system-level cybersecurity-related engineering tasks.

The successful candidate should have: experience performing assessment-related tasks; expert verbal and written communication skills; ability to interpret NIST and DoD guidance; and experience with industry tools, such as STIG viewer, ACAS, and eMASS.

Specific Responsibilities

  • Conduct focused compliance assessments for information systems according to guidance from NIST, OMB, DoD, DHS, FISMA, and internal policies.
  • Identify common and inheritable security control applicability across a variety of platforms and applications.
  • Analyze DoD Security Technical Implementation Guides (STIGs) implementation compliance and associate checklists to NIST SP 800-53 security controls.
  • Conduct comprehensive manual security control testing, document examination, and staff interviews for security controls not covered by STIGs or inheritance.
  • Analyze scan results from scanning tools (Nessus, SIEM, ACAS, and so forth) to identify additional information system vulnerabilities; verify scans against approved hardware/software and server lists to identify where gaps exist.

  • Plan, develop, finalize, and review key deliverables at each stage of the Assessment & Authorization (A&A) project using applicable DoD and DHS tools and guidance.
  • Prepare and track POA&Ms in eMASS for items that are out of compliance; identify risks and remediation recommendations.
  • Manage project expectations to ensure requirements are understood and agreed upon by stakeholders.
  • Assess proposed changes to information systems; identify risks of the proposed change and whether the proposed change affects the system ATO or FIPS categorization level.
  • Develop, review, and reconcile IA security policies, standards, guidelines, procedures, and other technical documentation.
  • Perform research to ensure knowledge proficiency remains aligned to technologies and industry best practices.
  • Identify and recommend process improvements relating to the A&A process and/or established guidelines.
  • Work closely with stakeholders to ensure information system A&A efforts are completed within stated deadlines.
  • Engage constructively within the team to identify and resolve challenges or exploit opportunities.
  • MUST possess excellent verbal and written communication skills. MUST be comfortable discussing (both verbally and in writing) status and risks/project impacts with all levels of management and project stakeholders.
  • Ability to interpret NIST and DoD guidance.
  • MUST possess familiarity with FedRAMP inheritable controls and cloud-based security principles.

Required Qualifications

  • IAM II or IAT Level III Security Certification, in accordance with DoD 8570.01-M
  • Experience implementing or assessing DISA STIGs
  • Experience with RMF workflow tools, such as eMASS
  • Experience and familiarity with DevSecOps principles, especially in terms of secure coding best practices
  • Five (5) years of related experience
  • Experience with cloud-based (FedRAMP) system authorization

Preferred:

  • IAT Level III Security Certification, in accordance with DoD 8570.01-M, Information Assurance Workforce Improvement Program; CISSP or CASP CE certification in good standing
  • Bachelor’s degree or higher in IT
  • Familiarity with overlays, including CFO, Privacy, Facility, and NSS
  • Experience with industry tools, such as STIG viewer, ACAS, and eMASS

SECURITY CLEARANCE

  • Secret Clearance required.

DoD Secret

Kearneysville, WV

(Chesapeake location is an option).
