Address
Form of workJob Description
Location: Belmont, VA
Salary: TBD
Description:
Contact: ckelly@judge.com
Salary: TBD
Description:
Company: DOD Federal Government
Position ISSM
Location: Remote W/Occasional meetings in Ashburn, VA
MUST HAVE DOD SECRET OR TS Clearance
(ISSM) responsible for the Information Assurance and Security of application, database, RMF continuous monitoring, process engineering, tools and technology management, and enterprise network services. Responsible for activities associated with delivery of Cybersecurity policy implementation and network solutions associated with customer-defined systems and software projects; basic responsibilities include:
•Apply information security in accordance with DoD/Directive security policy including, but not limited to, DODI 8500.01, DODI 8510.01, NIST SP 800-30, NIST 800-37, NIST 800-53a, NIST SP 800-61, NIST 800-171, AR 25-2, and AR 380-5
•Assess entire system lifecycle requirements and network security impacts
•Support creation of, and ensure approval for, Department of Defense (DOD) Risk Management Framework (RMF) Assess and Authorize (A&A) Process for development and sustainment projects
•Support program and customer management, and government Authorizing Official (AO) for all information security status, policies, and procedures
•Document DoD RMF Security Implementation Plan artifacts. Coordinate and assist development team with application artifact documentation
•Assist government personnel in preparing and presenting Enterprise Mission Assurance Support System (eMASS) packages to the Control Assessor (SCA)Assess and analyze US-CERT, ACERT, and current threat environment.
•Enhance – Implement Cybersecurity vulnerability/A&A hardening testing
•Optimize – Cybersecurity development environment certification
•Architect & Engineer security – develop security goals, capabilities, controls, and architecture
•Design & Implement security – vulnerability management, build security into development
•Integrate & Test Security – test patches and settings, document A&A artifacts
•Validate & Verify security – validate patch status and software control status
•Package Oversight – SME level support in verifying package accuracy, content, and various workflows
•Maintain security posture – audit security settings, track security training, monitor threats, track reaccreditation
•Enable assurance for information security during all phases of agile software development and deployment
•Continuously evaluate and recommend innovative proven best business practices and tools to enhance defense-in-depth
•Address Cybersecurity issues to help maintain Continuity of Operations Plan (COOP)
•Perform information security vulnerability testing and work with teams to mitigate any nonconformance
•Create and manage Plan of Action & Milestones (POA&M)
•Implement and validate Security Technical Implementation Guide (STIG) requirements for all development and implementation projects
•Understand and assist developers with static code analysis processes
•Perform a Risk Assessment of packages before they are pushed to the P. ISSM
•Familiarity with the RMF 2.0 process to include ATC w/ ConMon submission criteria
•Familiarity with Sentinel inheritance criteria
•Brief senior government leadership on overall package state with risk and details
•Understanding of various lifecycle RMF activities to build schedule and assist ISSOs in execution
Qualifications:
•Certifications: 8570.01-M, IAT Level II: CCNA Security, CSA+ GICSP, GSEC, Security+ CE, SSCP; (ISC)2's CISSP; ISACA CISA, GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED); and/or CompTIA Advanced Security Practitioner (CASP)
•Demonstrated knowledge of National/DoD Directive security policies including, but not limited to, DODI 8500.01, DODI 8510.01, NIST SP 800-30, NIST 800-37, NIST 800-53a, NIST SP 800-61, NIST 800-171, AR 25-2, and AR 380-5
•Demonstrated experience with the Department of Defense (DOD) Risk Management Framework (RMF) Assess and Authorize (A&A) Process for development and sustainment projects
•Experience with HP Fortify Software Security Center
•Experience with Assured Compliance Assessment Solution (ACAS)/Tenable Nessus Vulnerability Scanner
•Demonstrated familiarity and experience with Firewalls, Intrusion Prevention Systems, WebGateways, and/or enterprise Antivirus software technologies
•Experience using eMASS,
•Computer Network Defense (CND) processes, procedures, and tools knowledge
•Working knowledge of and ability to assist others in the use of information security provisioning and monitoring tools to support process improvement
•Excellent written and verbal communication skills
•Strong collaboration skills and desire to work within a team
•Understanding of all elements of the DOD Cybersecurity policies and requirement
Contact: ckelly@judge.com
This job and many more are available through The Judge Group. Find us on the web at www.judge.com
