Quantum Research International, Inc

CLOUD SECURITY SPECIALIST/ISSO

Aerospace & Defense
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's in Computer Science or related field, or 5 years of relevant experience
  • 4 years of ISSO experience
  • Practical knowledge of DoD 8510 and NIST 800-53 frameworks
  • Compliance with DoD 8140 and DCWF Code 722 requirements
  • Fundamental understanding of DISA eMASS
  • Active Secret security clearance, with ability to obtain Top Secret clearance

Responsibilities

  • Develop and maintain critical ATO-related documentation
  • Identify applicable Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
  • Coordinate with government System Owner and ISSM for system ATO compliance
  • Advise on IS security requirements per RMF and NIST guidelines
  • Provide security design guidance during all RMF phases
  • Oversee daily system security operations and vulnerability tracking
  • Facilitate Configuration Management processes and CCB participation
  • Prepare Security Impact Assessments for system change requests
  • Review technical security assessments and coordinate vulnerability mitigation
  • Manage security incident response activities in accordance with policies

Benefits

  • Work in a critical defense sector role
  • Opportunities for career advancement within Quantum Research
  • Engagement with cutting-edge security technologies
  • Collaboration with government and military stakeholders
  • Support for ongoing training and certifications
  • Potential for impactful contributions to national security initiatives
Full Job Description
Quantum Research is seeking an experienced Security Specialist / Information System Security Officer (ISSO) to support the an Army Program maintained within the Army's Enterprise Cloud Management Agency (ECMA). The mid-level ISSO will be responsible for maintaining the system's overall security posture IAW DoD RMF requirements. This role includes facilitating and participating in Configuration Control Board (CCB) meetings, evaluate proposed system and architecture changes to confirm security baselines are maintained through approved change management processes, and executing continuous monitoring activities such as reviewing system audits logs, general/privileged user account reviews, RMF documentation creation/maintenance, vulnerability response (CTOs/IAVAs), Information System Contingency Plan (ISCP) Table-Top exercises, and security control artifact development. The ISSO will maintain oversight of configuration management, security scanning and remediation activities, manage the Plan of Action and Milestones (POA&M), and provide cybersecurity guidance to infrastructure team members and on-site personnel to ensure compliance and risk reduction.

Job Responsibilities:

  • Develop and maintain ATO related documentation to include Configuration Management Plan (CMP), Account Management Plan (AMP), Information System Contingency Plan (ISCP), Incident Response Plan (IRP), Business Impact Analysis (BIA), Privacy Impact Analysis (PIA), System Security Plan (SSP), and Concept of Operations (CONOPS).
  • Identify the correct applicable Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) for technologies used within the Information System (IS).
  • Communicate and coordinate with the government System Owner (SO) and/or government ISSM to ensure the system operates within the conditions of the established ATO.
  • Advise the program on IS security requirements, ensuring alignment with RMF, applicable NIST Guidelines/Standards, and DISA STIG/SRG compliance.
  • Provide security design guidance and analysis to project stakeholders across all RMF phases to ensure alignment with security control requirements.
  • Oversee daily system security operations by monitoring control effectiveness, validating access controls, reviewing security audit logs, tracking vulnerabilities, responding to CTOs/IAVAs within government customer's SharePoint site, and coordinating remediation efforts to maintain an acceptable security posture.
  • Act as the Configuration Management (CM) facilitator and voting CCB member, overseeing change control processes and participating in formal decision-making for system modifications affecting security posture and compliance.
  • Prepare Security Impact Assessments (SIAs) for all System Change Requests (SCRs) to support Configuration Control Board (CCB) review and decision-making.
  • Perform annual account reviews and approve all general and privileged user account requests prior to creation, ensuring proper authorization, access justification, and compliance IAW approved policies and procedures.
  • Review technical security assessments, analyze vulnerabilities, and risk data using ACAS, Nessus, and SCAP scan results to identify system vulnerabilities, non-compliance, and appropriate mitigation strategies.
  • Coordinate and manage security incident response activities in accordance with established policies and procedures.
  • Serve as the IS primary POC when communicating with the Security Control Assessor (SCA).
  • Create and maintain Plan of Action and Milestone (POA&M) items within eMASS.


Required Skills and Qualifications

  • Minimum of a Bachelor of Science (BS) degree in Computer Science, Information Systems or five (5) years of comparable work experience
  • 4 years of verifiable ISSO experience
  • Knowledge and practical experience of DoD 8510 and NIST 800-53 Risk Management Framework implementation
  • Candidate must be compliant with DoD 8140; DoD Cyber Workforce Framework (DCWF) Code 722, Information System Security Manager, at the intermediate level. Requires CompTIA Security+ CE or other training and education requirements as identified in DoDM 8140.03
  • Fundamental knowledge of DISA Enterprise Mission Assurance Support Service (eMASS)
  • Security Clearance: Active Secret with the ability to obtain and maintain a Top Secret


Desired Skills and Qualifications

  • Self-starter with the ability to independently identify, prioritize, and execute required tasks
  • ISC2 CISSP Certification
  • AWS/Azure experience


Note: This position is part of Quantum Research Intl 's CAOC (Computing Architecture Operations Center) and is an onsite position in Huntsville, AL

#LI-JL1, #LI-Onsite

About Quantum Research International, Inc

Quantum Research International, Inc. provides engineering, software development, and cybersecurity services to the U.S. Department of Defense and other government agencies. The company offers services in the areas of missile defense, space operations, intelligence, surveillance, and reconnaissance. Quantum Research International also provides software engineering, modeling and simulation, and systems engineering services. The company was founded in 1987 and is headquartered in Huntsville, AL.
Learn more about Quantum Research International, Inc
Size
1,000 employees
Industry
Net Income
$10 million
Founded
1987
5 Year Trend
+20%
Revenue
$100 million

Similar Jobs

More Jobs at Quantum Research International, Inc

More Aerospace & Defense Jobs

Find similar CLOUD SECURITY SPECIALIST/ISSO jobs: