Senior Network Cybersecurity Engineer Enterprise ISSO / SCAR Reference #: 1019

Sigma Defense Systems LLC

Location: Tampa, FL, 33647
Type: Full-Time, Permanent, Non-Remote
Posted on: October 13, 2021
This job is no longer available from the source.
Job Description
Sigma Defense Systems has an immediate need for a Senior Network Cybersecurity Engineer - Enterprise ISSO/SCAR with an active TS/SCI clearance to become an integral part of our team!
Job Summary
This position will provide cybersecurity support services and Risk Management Framework (RMF) subject matter expertise to the United States Special Operations Command (USSOCOM) Airborne Intelligence, Surveillance and Reconnaissance Transport (AISR-T) program in accordance with DoD and USSOCOM policies and Special Operations Forces Acquisition, Technology and Logistics (SOF AT&L) Program Executive Office Command, Control, Computer and Communications (PEO-C4) directives and regulations.
Responsibilities (not all-inclusive)
• Supports, as an Enterprise Information System Security Officer (ISSO), the USSOCOM AISR cybersecurity program, which encompasses multiple cybersecurity disciplines, including access control, training and awareness, personnel security, physical security, secure systems design, media protection, cryptographic protection, information system monitoring, incident response, network boundary protection, operations security, endpoint security, anti-tamper/supply chain risk management, software assurance, and anti-counterfeit practices.
• Manages, as a Security Control Assessor Representative (SCAR), all Assessment and Authorization (A&A) steps and activities for identifying, implementing, assessing, and managing AISR-T cybersecurity capabilities and services in accordance with DoD Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT).
• Defines system-specific security control baselines by selecting and tailoring National Institute of Standards and Technology (NIST) Special Publication 800-53 security controls based on the Confidentiality-Integrity-Availability (C-I-A) impact levels of the information and information systems, and by applying any applicable overlays in accordance with Committee on National Security Systems Instruction (CNSSI) 1253.
• Develops RMF Security Authorization Packages for review and approval by the cognizant Security Control Assessor (SCA) and Authorizing Official (AO) in order to obtain Interim Authorizations to Test (IATT), Authorizations to Operate (ATO) and Authorizations to Connect (ATC) for Airborne Intelligence, Surveillance, and Reconnaissance information systems, platforms, and networks.
• Processes, manages, and maintains all A&A documentation during the entire information system life cycle using the Enterprise Mission Assurance Support Service (eMASS) or equivalent dynamic online knowledge database used by the customer, to include the System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and any supporting evidence and analysis.
• Performs continuous monitoring and addresses changes in threats, vulnerabilities, and predisposing conditions in the operational environment.
• Ensures that the appropriate operational security posture is maintained for an information system (IS), working in close collaboration with the information system owner and the information system engineers.
• Serves as a principal advisor on all matters, technical and otherwise, involving the security of an IS.
• Has the detailed knowledge and expertise required to manage the security aspects of an IS.
• May be called upon to assist in the development of the security policies and procedures and to ensure compliance with those policies and procedures.
• Plays an active role in the monitoring of a system and its environment of operation to include developing and updating the security plan, managing and controlling changes to the system, and assessing the security impact of those changes.
• Ensures systems are operated, maintained, and disposed of IAW security policies and procedures as outlined in the security authorization package.
• Attends required technical and security training (e.g., operating system, networking, security management) relative to assigned duties.
• Reports all security-related incidents to the Information System Security Manager (ISSM).
• Conducts periodic reviews of ISs to ensure compliance with the security authorization package.
• Serves as a member of the Configuration Control Board.
• Coordinates any changes or modifications to hardware, software, or firmware of a system with the SCA and ISSM prior to the change.
• Formally notifies the ISSM and SCA when changes occur that might affect system authorization.
• Ensures all IS security-related documentation is current and accessible to properly authorized individuals.
• Travels to CONUS and OCONUS sites to perform site assessments and attend technical exchange meetings, conferences and working groups.
• Maintains required cybersecurity certifications.
Required Skills
• Excellent communication skills, both written and oral
• Strong interpersonal skills - team and customer-service oriented
• Strict attention to detail
• Strong organization, facilitation, and time management skills
• Ability to multi-task effectively, prioritize, and execute against multiple priorities
• Ability to work independently and with others
• Demonstrated research and analytical skills
• Ability to generate recommendations based on rigorous analysis and logical arguments
• Ability to produce thorough, exhaustive and accurate A&A documentation
• Ability to produce and present executive-level briefings to program leadership
• Ability to take initiative
• Ability to learn independently
• Ability to process large amounts of data in order to extract and assimilate key points
• Skilled in Microsoft Office Suite including Word, Excel, PowerPoint and Visio
• Experienced in cybersecurity compliance assessment tools and security information and event management data platforms: Assured Compliance Assessment Solution (ACAS); Continuous Monitoring and Risk Scoring (CMRS); Host-Based Security System (HBSS); Xacta; Enterprise Mission Assurance Support Service (eMASS); Splunk; ArcSight
Required Education and Experience
• 10+ years' experience as a cybersecurity professional working with products and tools related to network systems engineering, vulnerability assessments or information systems risk management (DoD experience highly desired)
• Experienced in managing information systems under the DoD Risk Management Framework or the National Institute of Standards and Technology (NIST) Cybersecurity Framework
• Experienced in applying cybersecurity industry standards and best practices to manage information systems (NIST Special Publication 800 series, ISO/IEC 27000 family of standards)
• Experienced in the DoD vulnerability management process and in compliance standards such as DISA Security Technical Implementation Guides (STIG) and Security Requirements Guides (SRG), and Common Criteria/National Information Assurance Partnership (NIAP) Protection Profiles
• Experienced in project management (PMP certification desired)
• Proficient in the English language
• Bachelor's Degree
• Master's Degree in Computer Science/Cybersecurity/Information Management desired
• DoDM 8570 IAM III-level certification (CISSP or equivalent)
Clearance
• Active TS/SCI security clearance
Benefits
• Health Insurance
• TRICARE Supplement Insurance
• Dental Insurance
• Vision Insurance
• Critical Illness Insurance
• Hospital Indemnity Insurance
• Voluntary Term Life AD&D Insurance
• Group Term Life and AD&D Insurance (100% Employer Paid $100K policy)
• Group Short-Term Disability Insurance (100% Employer Paid)
• Group Long-Term Disability Insurance (100% Employer Paid)
• 401(k) Retirement Plan
• 401(k) Safe Harbor Contribution
• Sigma Profit Share
• Tuition Assistance
• Paid Time Off (PTO)
Work Location
• MacDill AFB, Tampa, FL
Sigma Defense Systems LLC is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Compensation and Hours
Salary Range: Not Available
DOE (Depends on Experience): Not Available
Other Benefits: Not Available
Full or Part Time: Full Time (30 Hours or More)
Job Duration: Over 150 Days
Type of Job: Regular
Shift: Not Applicable
Hours per Week: Hours Not Specified