Job Abstract

ID

2024-7188

Work Region

CONUS

Category

Hidden (18027)

Clearance

Secret

MAG is currently looking for a Information Systems Security Officer (ISSO) to provide a variety of services leveraging the Risk Management Framework (RMF) accreditation. The ISSO will serve as the Information Systems Security Officer (ISSO) and Risk Management Framework (RMF) 2.0 Subject Matter Expert (SME) for the DoD System Authorization and Accreditation process for PM MC products.

Services are associated with validation, approval, and sustainment of cybersecurity accreditation packages. Performs and analyze a range of Information Security Systems Officer(ISSO) activities and assist with the development and implementation of security policies. Under the direction of leadership, this position will perform IT security engineering and assessment work in accordance with established procedures and protocols. Ensures the demonstrable Confidentiality, Integrity and Availability (CIA) of information assets for authorized internal and external users by reviewing, validating, classifying, and responding to security events and cyber-attacks. The position will assist with meeting the requirements of all four domains (Security Oversight, IT Risk Assessment, Security Engineering, and Security Operations) and focus on depth upon the domain requirements of Security Operations and IT Risk Assessment. This position will provide education to others on IT security risk remediation/mitigation and industry best business practices.

***Must be a US Citizen***

Essential Duties and Responsibilities include the following. Other duties may be assigned.

• Review, assess, and manage systems’ security requirements and validation methods via Enterprise Mission Assurance Support Service (eMASS).
• Provide cybersecurity systems engineering oversight on applications development projects to ensure the appropriate security configuration of the operating environment are enforced.
• Review and assess systems’ security implementation via product-reported Assured Compliance Assessment Solution (ACAS) Vulnerability scans, Defense Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) and Security Requirements Guides (SRGs), and source code vulnerability scans where applicable. Identify, communicate, and support resolution of deficiencies in security implementation reporting with product teams.
• Manage Plan of Action and Milestone (POA&M) records with PM MC product teams.
• Communicate DoD RMF system accreditation processes, documentation requirements, and security hardening reporting requirements to PM MC Product development teams during Integrated Product Team (IPT) and working group meetings.
• Provide security considerations to inform systems/development engineering efforts to reduce errors, flaws, and weakness that may constitute security vulnerability leading to unacceptable asset loss and consequences.
• Facilitate continuous monitoring activities with product network/system/development engineers.
• Coordinate with Engineering and other Cybersecurity personnel to implement and enforce security policies and patch management processes.
• Provide technical consultative/advisory services to the PM/Product Manager (PdM) to review proposed new systems, networks, and software designs for potential security risks.
• Identify and/or assess vulnerabilities and susceptibility to life cycle disruptions, hazards, and threats.
• Support development of program cybersecurity policies and procedures to ensure information systems reliability and accessibility in accordance with Army/DISA requirements to prevent and defend against unauthorized access to systems, networks, and data; for short- and long-term mission and goals of the PM.
• Collaborate responses for Army Cyber (ARCYBER) Cyber Tasking Order (CTO) compliance reporting and vulnerability remediation/mitigation requests for information (RFIs).
• Participate in Configuration Management/Review Boards to provide Cybersecurity input.
• Support system accreditation and Security Control Assessor – Validation events.

Minimum Requirements

Knowledge and Skills

• Capability to perform duties as outlined above
• Fluent in DoD RMF2.0 policies and processes
• Fluent in the use of eMASS
• Fluent in analyzing ACAS Vulnerability scans, DISA STIGs/SRGs, and processes related to residual risk identification
• Capability to communicate across cross-functional teams
• Familiarity with Systems Security Engineering (SSE) documentation (e.g. Cybersecurity Strategies, Information Support Plans, Program Protection Plans (PPPs))
• Knowledge of, and skill in applying DoD RMF to conduct risk and vulnerability assessments of planned and installed information systems and identify vulnerabilities, risks, and protection needs
• Knowledge of AR 25-2 Army Cybersecurity and DoDI 8510.01 Risk Management Framework (RMF) for DOD Information Technology (IT)

Education and Experience

• BA/BS degree or equivalent in Computer Science, Information Systems, Engineering, with 2-years related technical experience.

Industry Certification Requirements

• The position requires DoDI 8570 Information Assurance Technical (IAT) Level II or Information Assurance Management (IAM) Level II certification upon hire.

Desired Requirements

• Experience with identifying applicable STIGs, integrating security controls, and validating their implementation on Linux OSs, Microsoft Windows & Windows Server, Microsoft Office, VMware, Cisco IOS, Windows and Palo Alto Firewall, Network, modem, containers, and Hyper-V products
• Fluent in conducting ACAS Vulnerability scans and DISA STIGs/SRGs
• Familiarity with Army Systems Acquisitions Process, milestone decision points, and related cybersecurity artifact requirements

Clearance

• Current DoD Secret Clearance

The position is contingent upon candidate’s ability to meet physical and medical requirements as needed by the position; including compliance with all applicable federal, state, and local jurisdictional requirements.

Government or customer site-specific requirements may include, but are not limited to, proof of full COVID-19 vaccination status, except in circumstances where a candidate is legally entitled to an accommodation.

MAG Aerospace (MAG) is an Equal Opportunity/Affirmative Action Employer and is committed to Diversity and Inclusion. We encourage diverse candidates to apply to our positions.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Click below for the “Know Your Rights” and “Pay Transparency Nondiscrimination” supplement posters.

https://www.dol.gov/agencies/ofccp/posters

MAG Aerospace (MAG) is committed to providing an online application process that is accessible to all, including individuals with a disability, by offering an alternative way to apply for job openings. This alternative method is available for those who cannot otherwise complete the online application due to a disability or need for accommodation.
MAG provides reasonable accommodation to applicants under the guidance of the Americans with Disabilities Act (ADA), Section 503 of the Rehabilitation Act of 1973, the Vietnam-Era Veterans’ Readjustment Assistance Act of 1974, and certain state and/or local laws.

If you need assistance due to a disability, please contact the MAG Aerospace Recruiting email:
Applicant.Assist@mag.us or call (703) 376-8993.