BlackLynx, a wholly owned subsidiary of Jacobs, is seeking a full-time, on-site Information Systems Security Officer/Manager (ISSO/M) in Chantilly, VA. The ISSO/M will be responsible for ensuring and maintaining the security and integrity of our government-sponsored computer network by managing cybersecurity protocols, implementing information security measures, and overseeing physical and network security. The ISSO/M shall perform daily tasks involving system compliance validation, vulnerability management response coordination, data transfer (Low to High and High to Low), and ongoing audit review and correlation, as well as general support to ongoing continuous monitoring activities.

Location: Chantilly, VA

Responsibilities:
- Comply with the ISSO/ISSM Roles and Responsibilities aligned to IAM Level II or higher role
- Manage security-related program milestones/deadlines to meet contract requirements
- Support Assessment and Authorization (A&A) requirements and process and apply ICD 503, NISPOM, and other federal guidelines in support of systems used at contractor facilities
- Develop and continuously update all Security Authorization documentation as required by the customer and in accordance with applicable Risk Management Framework (RMF) packages using the current customer approved templates, forms, regulations, and methods. These documents include, but are not limited to: SSP, SAR, Contingency Plan, IR Plan, CM Plan, SOPs, POAMs & Remediation Plans
- Provide timely and detailed responses to all data calls.
- Oversee and respond to security gaps/needs with information systems
- Create and update Body of Evidence for system accreditation using ServiceNow or similar risk management software (NIST 800-53)
- Develop and enforce cyber security policies and procedures for accredited systems
- Coordinate with customer to guide systems through the government accreditation process to achieve Approval to Operate
- Review requests for software and hardware changes to systems, and submit for customer approval where required
- Work closely with system administrators to address open vulnerabilities
- Manage the plan of action and milestones (POA&Ms) by working with the Systems Administrator, managers and engineers to develop schedules and engineering actions that mitigate open items
- Maintain, update and conduct routine vulnerability and compliance scans across sponsor networks using NESSUS, or similar software
- Configure and perform weekly system audits (review of logs) and related continuous monitoring tasks
- Review and interpret new government security policies for applicability
- Perform cybersecurity activities, including change management, account management, auditing, media protection, user training, file transfers, etc.
- Provide oversight and guidance regarding requests to modify technical policies such as firewall rules, ports, protocols, etc. for each IT system.
- Continuously maintain a thorough understanding of all configurations, architecture, installed software, accounts (both Operating System and Application), data flows, ports, protocols, and other relevant data for each IT System.
- Participate in the remediation, documentation, and reporting of all incidents for the accredited system(s)
- Collaborate with and support the corporate Information Assurance team on all cyber incidents and data spill clean-up
- Performs other duties as assigned.

Here's what you'll need:
- 4-6 years of prior ISSM/ISSO or alternate ISSM/ISSO experience
- Active Top Secret security clearance with CI Poly
- Self-starter with the ability to work independently
- Bachelor of Science degree in Information Systems, cybersecurity, Network Systems Technology or related field or at least 4 years of directly related experience in lieu of degree or any equivalent combination of education, experience, training and certifications
- DoD 8570 IAT II Certification (Security+, CISSP, CISM, CASP+)
- Experience with Authority to Operate (ATO) process, continuous monitoring, POA&Ms, Security Authorizations (SA), NIST 800-37, NIST 800-53 Rev4/Rev5, NSM 8 and working with System Owners (SO)
- Familiarity with information system security principles of NIST 800-171; in-depth knowledge of NIST special publications, CNSS policies and instructions
- Proficient in the use of tools used to prevent and/or negate malicious code (e.g., HBSS, anti-malware)
- System Admin or other technical experience
- Ability to review, analyze, and interpret technical procedures against customer security requirements
- In-depth knowledge of ServiceNow (SNOW)
- Strong communication skills, both written and verbal

Preferred:
- Linux experience - intermediate level
- Cloud experience (AWS preferred)

Jacobs’ health and welfare benefits are designed to invest in you and in the things you care about. Your health. Your well-being. Your security. Your future. Eligible employees and their dependents may elect medical, dental, vision, and basic life insurance. Employees are able to enroll in our company’s 401k plan, and, if eligible, a deferred compensation plan and Executive Deferral Plan. Employees will also receive 17 days of vacation per year, seven paid holidays, plus floating holidays and caregiver leave. Hired applicants will be able to purchase company stock and have the opportunity to receive a performance discretionary bonus.

The base salary range for this position is $150,000.00 to $175,000.00. This range reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.