- Hanover, MD, USA
- Full Time
Our comprehensive benefits package includes Medical, Dental, Vision, Paid Time Off, Federal Holidays, Bereavement, Jury Duty, Training Leave, Tuition, Training, and Educational Reimbursement, Referral and Recognition-based Bonuses, Life Insurance, AD&D, Short & Long-Term Disability, AFLAC, Legal Shield, 401(k) and matching plan, Credit Union Membership, and Competitive Salaries.
SITEC is seeking a motivated, career and customer-oriented Information Security Officer to join our team in the Hanover, Maryland location.
- Support the government in complying with Agency Systems Security Certification & Accreditation (C&A) processes, to include discovery meetings, achieving Interim Approval to Test (IATT), and obtaining final Approval to Operate (ATO) status for Systems Security Plans (SSP) associated with all mission systems.
- Work with all appropriate agency elements to gain successful accreditation.
- Provide expertise with agency C&A policy, processes & tools.
- Conduct Preliminary Engineering Planning and Categorization Meetings with the customers.
- Develop and maintain documentation required for C&A.
- Update and maintain SSP documentation.
- Fill roles of Information Systems Security Officer (ISSO).
- Manage all security relevant changes to the mission systems, assuring SSP documentation is up-to-date and ATO status is maintained.
- Provide Security Engineering.
- Provide Self-testing.
- Provide guidance for a Plan of Action and Milestones (POA&M) and Continuous Monitoring Plan.
- Perform Pre-Security Controls and Analysis Assessments (PSAs).
- Foster improved security of all systems using Enterprise solutions.
Active/Current TS//SCI with Poly - sponsorship is not available
- Must have a bachelor's degree in a related field (e.g., Business Management, Computer Science, Electrical Engineering, Information Management, Program Management).
- OR, two (2) years of additional relevant experience above all experience requirements listed, in lieu of a bachelor's degree.
- Must have at least one Information Security related certification (Security+, CISSP, CISM).
Qualified Applicants Must Have Each of the Following:
- Three (3) years of direct experience with an intelligence community or signals intelligence activity.
- Eight (8) years' experience integrating information assurance disciplines into the system design, development, integration, and implementation.
- Two (2) years' experience identifying Information Protection needs and defining System Security Requirements; designing System Security Architecture; developing detailed Security Designs (including system security certifications and project evaluations).
- Two (2) years' experience with Defense in Depth principles and technology including access/control, authorization, identification and authentication, public key infrastructure, network, and enterprise security architecture.
- Four (4) years' experience developing security plans for employing enterprise-wide security architecture.
- Four (4) years' experience assessing and auditing network penetration testing, antivirus planning assistance, risk analysis, and incident response.
- Four (4) years' experience applying security risk assessment methodology to system development, including threat model development, vulnerability assessments, and resulting security risk analysis.
- Four (4) years' experience with the Agency Certification and Accreditation process (NISCAP).
- Three (3) years' experience enforcing the design and implementation of trusted relationships among external agency systems and architectures.
- Two (2) years' experience in the implementation of cross domain solutions (e.g., an information assurance solution that provides the ability to manually and/or automatically access and/or transfer between two or more differing security domains).
- Two (2) years' experience developing systems that process information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization.
- Two (2) years' experience in network security certifications.
- Two (2) years' experience in system certifications.
- Five (5) years' experience applying Federal, Agency, intelligence community, and DoD Information Security regulations, publications, and policy.
This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Other duties and responsibilities and activities may change or be assigned at any time with or without notice.