Job Description
Responsible for supporting adherence to all aspects of a rigorous Risk Management Framework (RMF) compliance program as stipulated by NISPOM/DAAPM, JSIG, ICD 503, STIGs and associated NIST publications.
In this Cybersecurity, ISSO opportunity you will make impacts in the following ways:
- Responsible for supporting adherence to all aspects of a rigorous Risk Management Framework (RMF) compliance program as stipulated by NISPOM/DAAPM, JSIG, ICD 503, STIGs and associated NIST publications.
- Support the Information System Security Manager in obtaining and maintaining Authority to Operate (ATO) approvals for various systems by adhering to the Risk Management Framework (RMF).
- Support the ISSM to ensure all security certification and accreditation documents in relation to all classified systems are up to date.
- Ensure that continuous monitoring (e.g. weekly, monthly, etc.) is implemented in accordance with cognizant security authority requirements and that those requirements are met.
- Support cybersecurity efforts throughout the RMF process for one or more assigned program(s), including supporting the development and management of System Security documentation and Plans of Action and Milestones (POA&Ms), assessing and auditing system security controls, and continuous monitoring of controls.
Because of the need for consistent, in-person collaboration and/or the requirement to perform all work onsite due to the nature of this role, it will be performed full-time on site. This means work will be conducted on location at a BAE Systems facility 100% of the time.
Required Skills and Education
- An active Secret Clearance and an IAM Level I certification commensurate with DoD 8570.1M
- 2 or more years of relevant cybersecurity experience pertinent to the position, and a minimum of a high school diploma.
- High level of personal motivation and initiative to learn and acquire new skills, and adapt seamlessly to an ever-changing security environment
- Customer focused, excellent communicator and ability to work with limited supervision.
- Strong organizational skills
- Able to interface with other IA team members, other security disciplines (industrial security, physical security, special programs security, etc.), program personnel and government security representatives.
Preferred Skills and Education
- Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
- Working knowledge of information security technology
- Working knowledge of information security management and compliance
- Experience with auditing and certifying compliance of various systems (Windows, Linux, Network Devices and peripherals).
- Experience with the preparation of Assessment and Authorization (A&A) documents and procedures
- Experience with development and delivery of IA-related briefings and training material.
- Experience with compliance and vulnerability scanning tools (Nessus, SCAP, ACAS, SCC).