What you will be doing:Mantis Security is seeking for immediate placement a highly qualified and technical Information Systems Security Officer (ISSO) to lead the Assessment and Authorization (A&A) for multiple analytic mission systems. The ISSO must be proficient in standard A&A activities, and will generate and maintain the complete security body of evidence (BoE) while leading the A&A activities according to the Risk Management Framework (RMF).
The ISSO will work with the software engineers and cloud engineers to ensure applications and systems are developed to meet required security controls, as well as to promote proper security configuration. The candidate should possess 8570 IAT Level II baseline certifications and have working knowledge of the Risk Management Framework (RMF), along with other Intelligence Community (IC) and DoD policy and guidance (ICD 503, CNSSI-1253, etc.). All candidates must have current TS/SCI eligibility with the ability to obtain a CI polygraph to be considered.
Duties Include:- Support to the Assessment and Authorization (A&A) and all Risk Management Framework (RMF) processes (ICD 503, CNSSI-1253, NIST 800-37, NIST 800-53, etc.) for all multiple information systems
- Work with software engineers, DevOps engineers, release managers, and project management to follow A&A and ATO processes, and ensure Minimum Viable Product (MVP) and full releases are compliant and meet security requirements for continuous delivery to an AWS production environment
- Ensure validity and accuracy review of all associated security documentation
- Create and maintain System Security Plan (SSP), Security CONOPS, Security Test Plan (STP) and Security Test Procedures, document and maintain implementation details of NIST 800-53 security controls
- Plans and performs security functional testing, creates and maintains STPs, supports security assessments
- Utilize Xacta to maintain Security Body of Evidence (BoE) files and to work through the A&A process for each system release cycle
- Provide guidance on the application of security policy, identifying security requirements, providing technical guidance for the satisfaction of requirements, reviewing and determining the adequacy of required documentation
- Manage the plan of action and milestones (POA&Ms) by working with project managers and engineers to develop schedules and engineering actions that mitigate open findings
- Monitor and audit operational systems for proper use
Must have:
- Bachelor's degree with 9 years of experience, or Master's degree with 7 years of experience, or no degree with 13 years of experience
- DoD 8570 IAT Level II certification requirements (one of CCNA Security, CySA+, GICSP, GSEC, Security+ CE, or SSCP)
- Must have current TS/SCI eligibility or Active TS/SCI
- Must be able to obtain a CI polygraph
Nice to have:
- Proficiency with Xacta IA Manager (or Xacta 360)
