General Dynamics Information Technology Information System Security Officer (ISSO) in Natick, Massachusetts
Type of Requisition: Regular
Clearance Level Must Be Able to Obtain: Top Secret
Public Trust/Other Required: SSBI (T5)
Job Family: Information Security
Join an exciting and dynamic team delivering a large-scale Enterprise Common Tools cloud platform, automation & orchestration, and Cloud Application Migration effort for the Army. This team works in a dynamic and fast-paced environment, with engineering, migration, and operations & sustainment of cloud migration efforts. Enterprise Common Tools and specific Army program customer migration efforts provide a range of day-to-day challenges, while the bigger picture architecture and migration efforts provide tangible milestones that the team pursues together following AGILE practices, to deliver the overall program effort. We’re looking for self-starter Leads and technical engineers, to work both as part of the team and on individual assignments, in an environment of customer mission delivery, integrity and communications. We’re looking to fill this role/team with those who currently have the cloud experience, certifications, and skills to execute in large enterprise environments, are flexible and enjoy tackling challenges, and desire to join a large team that is building and sustaining a large multi-tenant cloud platform/enterprise and migrating/expanding/automating the enterprise. If this sounds like you and you love to learn and grow with a team while delivering program milestones, then we’d love to hear from you!
Provide cybersecurity/information assurance support for PEO EIS Managed Service Provider, particularly conducting NIST 800-37 Risk Management Framework (RMF)/NIST 800-53 security control implementation activities/tasks to obtain and maintain an Authorization to Operate (ATO).
Prepare and review system documentation to include Policies, Standard Operating Procedures, Assessment & Authorization (A&A) packages, architecture diagrams, contingency plan, incident response plan, and other documentation.
Ensure established security processes and procedures are developed and followed to maintain operational security posture with minimal risk for cloud system(s).
Coordinate with engineers/sysadmins to perform vulnerability scanning and risk assessment analysis using vulnerability management tools (ACAS), and prepare responses to Plan of Action and Milestones (POA&Ms) for IA compliance.
Maintain eMASS records and RMF artifacts to support systems’ ATO
Work on large-scale and ad hoc projects, supporting enterprise-level activities
Develop and manage the POA&M tracker and Risk-Based Decisions (RBDs)/Waivers for deficiencies
Evaluate system risk with respect to operation at the network, system, and application levels
Develops, reviews, and maintains policy/guidance documents, Scan Results, and test result artifacts
Conducts regular assessments of continuous monitoring activities and the security controls that have been implemented to support those activities.
Demonstrates an understanding of vulnerability management; specifically, how to respond to vulnerability reports and which remediation actions are appropriate to take.
Understands the process of information system categorization and how to use that process to select security controls to create system and accreditation documentation.
Maintains knowledge of relevant network and security technologies and trends.
Requires BA/BS (or equivalent experience) and 8+ years of experience in Information Security, IT Assurance, IT Governance, Risk Management and/or Cyber Engineering.
8570 Certification IAM/IAT Level II or Level III
Experience with DoD 8510 and NIST 800-53, NIST 800-37, FIPS 199, DoD requirements/regulations
Ability to analyze, troubleshoot, and prioritize needs, requirements and other issues
Excellent communication (written/verbal), teamwork, leadership and conflict management skills
Experience working in an enterprise environment supporting enterprise service for MilCloud and commercial cloud extension/deployment
Experience using eMASS, ACAS/Nessus, HBSS, STIGs, Fortify, WebInspect, ServiceNow, etc.
Has expertise with several security platforms, including but not limited to firewalls, intrusion detection systems, two-factor authentication systems, antivirus systems, secure email gateway appliances, web filtering proxy, security information and event management (SIEM) platforms, data-loss prevention, vulnerability detection & remediation, content filtering and identity & access management
Requires highly effective communication and interpersonal skills. Must be able to conduct briefings and correctly interpret security control verbiage.
Requires strong analytic and problem-solving skills and the ability to adapt to a changing environment. Must be able to identify, and if necessary, modify proposed recommendations that effectively address business and control needs.
- Active Secret Clearance with SSBI, or favorable T5
- Telework 80%, with one day a week on-site at Fort Belvoir, VA
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.