The ISSM isresponsible for the Cybersecurity/RMF Program for classified programs as directed by USG directives and requirements (e.g. JSIG RMF, other Customer/contract specific IA requirements, etc.). Responsibilities for this position include Implementation and oversight of Certification & Accreditation and Assessment lifecycleprocesses (including documentation preparation, system configuration, scans & validation), configuration change managementprocesses (including hardware/software changes, account management, media control procedures and related documentation), conductinginternal self-inspections of thecybersecurity program, executing an effectivecybersecurity program to include continuous systemaudit reviews, education and training and information system delivery and maintenance. Alsoresponsible for the definition, implementation, and maintenance of information systemsecurity policies, strategies, procedures and settings within the L3 Link classified environment. This includes the review and monitoring of Master System Security Plans, Information System Profiles, Network System Security Plans, Standard Operating Procedures, POA&Ms, and related addendums/attachments. This position will also beresponsible for conductinginvestigations related to any information systemssecurity violation involving classified information.
- Develop/conduct risk assessment procedures for verification of Certification & Accreditation (C&A) RMF safeguards to meet various regulatory requirements based upon the JSIG RMF for DoD IT, and occasional support involving ICD 503/DCID, JSIG, NIST & STIG guidelines
- Monitor cybersecurity Program compliance by performing periodic self-inspections, tests and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed
- Work with program personnel to include System Administrators to ensure audit functions are performed properly
- Develop corrective solutions and maintain associated documentation (to include requiredreports) as appropriate
- Coordinate with program/project stakeholders, the Facility Security Officer (FSO), & Contractor Program Security Officers (CPSOs) and other Security and IT team members to define, implement and maintain an acceptable information systems security posture
- Assist program personnel at offsite locations to ensure they meet USG certification requirements and are properly trained to execute the cybersecurity program effectively and maintain security compliance
- Excellent communications skills, oral and written
- Demonstrated strong critical thinking and problem solving skills
- Confident personality with the ability to effectively prioritize multiple projects
- Ability to work with people in a team environment and deal effectively with changing project priorities
- Candidate must have demonstrated professional customer service skills
- Ability to balance information security requirements with Link’s mission, goals, and culture is critical
Experience & Knowledge Requirements
- In-depth knowledge and experience with technical configuration standards relating to information system security; experience configuring Windows operating systems, experience with server systems, thin client architecture, system virtualization and other related peripherals
- Extensive knowledge and experience with certification/authorization requirements as outlined in the NISPOM, RMF, ICD 503/DCID, JSIG, NIST RMF & STIG and other USG IS/Security-related policies
- Knowledge and experience with configuration/certification and auditing/analysis of Windows, Linux, Unix systems
- System configuration would include stand alone, peer-to-peer networks, LANs/WANs
- Experience in implementing Windows Active Directory Services, Group Policy, or Linux LDAP Services.
- Applied experience with Windows PowerShell and Linux Shell Scripting.
- Experience with security information and event management (SIEM) and data loss prevention (DLP) solutions.
- Candidate must provide evidence of DoD 8570 compliant: CISSP, CISA, CISM and/or other equivalent security certification