The candidate will support the development and maintenance of the Application Messaging Framework (AMF) Systems Security Plans (SSPs).
ISSO tasks include:
- Identify overall security requirements for the proper operation of AMF.
- Serve as an interface for the Certification and Accreditation (C&A) organization.
- Develop and maintain Systems Security Plans.
- Provide guidance to development and operational efforts regarding Information Assurance (IA) functions.
- Perform security planning, assessment, risk analysis, risk management, certification and awareness activities for systems and networking operations.
- Recommend solutions to implement security requirements.
- Interact with customers, stakeholders and technical staff to define and achieve required IA objectives for AMF.
- Prepare and review certification and accreditation documentation.
- Review audit logs and adjust security posture to ensure continued system operations at defined protection levels.
- Review and ensure proper system updates and patches are administered based on IAVAs and other security patch releases for all operational systems.
- Analyze Vulnerability Scan data and Compliance Reports to coordinate remediation of findings with both AMF and external support teams.
MINIMUM REQUIRED SKILLS/EXPERIENCE:
- TS/SCI Clearance with full scope polygraph.
- Bachelor’s Degree or higher in computer engineering or in a field related to the computer engineering or computer science disciplines plus 5 years of Security Engineering experience. An additional 4+ years of Security Engineering experience may be substituted for the degree for a total of 9 years.
- One of the following certifications: CAP, CASP+CE, CISM, CISSP (or Associate), GSLC, CCISO
- Working knowledge of system security design process, defense-in-depth/breadth, engineering life cycle, information domains, cross domain solutions, identification, authentication, and authorization, system integration, risk management, intrusion detection, contingency planning, incident handling, configuration control, change management, auditing, certification and accreditation process, principles of IA (confidentiality, integrity, non-repudiation, availability, access control), and security testing.
- Knowledge of the customer’s certification and accreditation process.
- Knowledge of and experience implementing the requirements in ICD 503.
- Experience developing and maintaining SSPs; knowledge of and familiarity with XACTA, LATTEART, scanning tools (e.g., CYBORGBUNNY), and the NIST RMF.
- Able to clearly communicate ideas and status updates to management and other stakeholders.
- Ability to obtain PRIVAC.
- Strong technical writing skills.
- Familiar with Public Key Infrastructure-based authentication.
- Familiar with security policies (especially Intelligence Community policy).
- Understands fundamentals of technical security risk assessment.
- Understands requirements engineering.
- Understands how to perform analysis of alternatives.
BlackLynx, Inc. is proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class.
- Two years hands-on system administration experience.