"Alerted.org

As an ISSO on our program, you’ll detect, evaluate, and document the security configuration of developmental and operational tools and security impacts, and make improvement recommendations. Coordinate work with in-house teams, subcontractors, and vendors to identify the right mix of tools and techniques to translate your customers’ IT needs and future goals into a plan that will enable secure and effective solutions.

As an ISSO on our team, you’ll advise the client, leading the discovery of their cyber risks, understanding applicable policies, and developing a mitigation plan. You’ll oversee the analysis of technical, environmental, and personnel details from technical subject matter experts and engineers as your team reviews the entire threat landscape. Then, you’ll guide your client through a plan of action with presentations, whitepapers, and milestones. Your client will rely on you to translate security concepts, so they can make the best decisions to secure their mission-critical systems.

Requirements

+ 3+ years of experience as an Information System Security Officer (ISSO) or Information System Security Analyst (ISSA)

+ Experience conducting tools assessments and configuration analysis against best practices, vendor specifications, and government security guidelines and requirements

+ Experience with the implementation, oversight, and maintenance of the security configuration, practices, and procedures for systems

+ Experience with implementing controls from NIST 800-53, FedRAMP, ICD 503, RMF, and DoD Information Levels, including applying them to the design and implementation of information technology solutions to achieve an authorization to operate (ATO)

+ Experience with eMASS or Xacta IA Manager

+ Ability to perform risk analysis

+ Active TS/SCI clearance; willingness to take a polygraph exam

+ Associate’s degree and 5+ years of experience supporting IT projects and activities, Bachelor’s degree and 3+ years of experience supporting IT projects and activities, or Master’s degree and 1+ years of experience supporting IT projects and activities

+ DoD 8570 IAT Level II Certification, including CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, or SSCP Certification

+ Must obtain a DoD 8570.01-M CSSP Infrastructure Support Certification, including CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND certification prior to start date on the contract

Additional Qualifications:

+ Experience with DoD security technical implementation guides (STIGs), checklists, and testing tools, including STIG Viewer, SCAP, and ACAS scanning tool

+ Experience assessing configuration changes, such as new COTS tools or web application upgrades, to system security boundary

+ Experience drafting tool implementation CONOPS and reviewing tool or capabilities topologies, CONOPS, and vulnerability scans to assess risk

+ Experience with cyber-related tools such as Ansible, Terraform, Splunk, or STIG Viewer

+ Knowledge of cloud-native security tools, including HBSS

+ Knowledge of Zero Trust principles and concepts

+ Ability to plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks

+ Ability to work within a collaborative team and a fast-paced dynamic environment

+ Possession of excellent written, organizational, presentation, and verbal communication skills

+ AWS, Azure, or GCP Certification