 Information Systems Security Officer
Location: Lexington, Massachusetts
Job Number: 231414
Information Systems Security Officer
The successful candidate will work independently and as a team member, must be a quick learner, self-motivated, reliable, and able to balance multiple tasks simultaneously. Candidate must have strong interpersonal skills and be able to manage stress in a professional manger. Candidate must be knowledgeable in computer security principles and policies, to include the Risk Management Framework (RMF), Security Technical Implementation Guides (STIGs), National Industrial Security Program Operating Manual (NISPOM), and Defense Security Service (DSS) Assessment and Authorization Manual (DAAPM). Candidate must have strong technical skills and be able to respond to off-hours emergencies. Position requires occasional local and overnight travel.
Core Responsibilities
- Assist in the security configuration and management of collateral classified systems and networks in a variety of traditional and virtual environments including Linux, Unix, Sun, Mac, and Windows
- Assist the Information System Security Manager (ISSM) in the development and maintenance of System Security Plans (SSP) and associated artifacts such as the Plan of Action & Milestones (POA&M), Risk Assessment Report, and Continuous Monitoring Strategy
- Ensure systems are operated, maintained, and disposed of in accordance with organization security policies and procedures
- Collect, analyze, and store system audit records
- Conduct network, system, and application vulnerability scanning, configuration assessment, and remediation
- Prepare for and participate in periodic organization compliance assessments
- Ensure account management documentation is complete and updated
- Maintain configuration management documentation (change tracking, maintenance logs, etc.)
- Serve as a member of the Configuration Control Board (CCB) as needed
SKILLS:
Mandatory:
Must have In Scope Active Secret Clearance
- Selected candidate will be subject to a pre-employment background investigation and must possess a current in scope Secret level DoD security clearance
- Possess a DoD 8570.01-M IAM I baseline certification (e.g. CompTIA Security+), or be able to obtain one within 6 months of hire
- Technical experience, skills, and course work completed towards an Undergraduate Degree, or industry IT certifications may be considered in lieu of education or DoD security experience requirements
- Familiarity with the NISPOM, DAAPM, and NIST RMF is required
- Experience and familiarity with multiple operating systems such as Windows Server 2012 and 2016, Windows 7 and 10, Red Hat Enterprise Linux, Ubuntu, Mac, etc.
- Demonstrated experience with vulnerability scanning and auditing tools and processes is required
- Excellent written and verbal communication skills are required
- Selected candidate will be subject to a pre-employment background investigation and must be able to obtain and maintain a Top Secret level DoD security clearance
Preferred:
- A minimum of 4 years of IT security experience in DoD Industrial Security is preferred
- Technical experience securing networks and systems utilizing DISA STIGs and/or SRGs is highly desired
- Experience with virtualization technologies is preferred
Education:
- BS degree in Computer Science, Information Technology, Computer Information Systems, or related discipline is required
THIRD PARTY AGENCIES, SUBCONTRACTORS, AND RECRUITERS NEED NOT APPLY. Applicants received from firms will not be considered. Subcontracting is not available for this position. |
