Paragone Solutions is seeking an Information Systems Security Officer who leads the evaluation of cyber security risks (external & internal threats, platform & application vulnerabilities, data protection, etc.), testing controls designed to mitigate risk, communicating issues and findings to management, devising solutions for business improvements, and following-up on corrective actions, may participate on and lead professional teams to execute technical audit projects focused on evaluating the effectiveness of cyber security governance, tools and operations, may evaluate the design, effectiveness and efficiency of information technology and security processes, procedures, and technical controls including solution implementations, identify and address systemic gaps in cyber security risk management.

This is a full-time, on-site position located at Aberdeen Proving Ground, MD. Experience with classified authorizations required, NSA or other is desired. Knowledgeable in eMASS, continuous monitoring requirements, RMF 2.0, DISA STIGs, etc.

This position requires an Active DOD Top Secret (TS) Clearance with SCI and Poly. If a candidate does not have a polygraph, they must be willing to undergo a polygraph investigation.

Qualifications:

• Perform all ISSO duties and responsibilities in DODI 8500.01, DODI 8510.01, and AR 252.
• Responsible for ensuring the appropriate operational security posture is maintained for the information system (IS) on multiple security domains and classification to met Intelligence Community (IC), DoD and Army cybersecurity/information assurance regulations and policies.
• Direct experience with implementation of DOD-I-8500, DOD-I-8510, ICD 503, NIST 800-53, CNSSI 1253, Army AR 25-2, and RMF security control requirements and able to provide technical direction, interpretation and alternatives for security control compliant.
• Develops, reviews, evaluates and verifies self-testing results to validate enclave security requirements in accordance with applicable Intelligence Community, DoD and Army cybersecurity and Information Assurance (IA) regulations, policies and organizational security policies) in Information Systems (ISs) are met. ISs includes Cross Domain Solution Suites (CDSS), Cloud, On-Prem, Tactical, etc., within the programs portfolio.
• Ensure the appropriate organizational operational security posture is maintained for the assigned Army IS.
• Maintain organizational situational awareness and initiate actions to improve or restore cybersecurity posture of assigned IS.
• Implement and enforce assigned Army IS cybersecurity policies and procedures, as defined by cybersecurity-related documentation.
• Ensure Army IS cybersecurity-related documentation is current and accessible to properly authorized individuals. Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
• Prepare and maintain Risk Management Framework (RMF) system accreditation Body of Evidence (BOE) packages using the eMASS, XACTA or other approved A&A tool to include, System Security Plans, Risk Assessment Reports, System Requirements Traceability Matrices (SCTM), and other documentation as required by ICD 503, NIST 800-53, CNSSI 1254 and any additional documentation as determined by the Authorizing Official (AO). Direct experience with eMASS, XACTA or other other A&A repositories required.
• Relevant experience must be in computer or information systems design/development and with information assurance and accreditation processes (e.g., System Security Plans, Risk Assessment Reports, Certification and Accreditation Packages, and System Requirements Traceability Matrices).
• Review unit or product vendor RMF BOE and grovides guidance and oversight.
• Fully understand DISA Port Protocol, and Services Management (PPSM) requirement and able to obtain PPSM account for management of PPSM for supporting systems.
• Must be willing to travel, as needed, 25% and more.

Additional Requirements:

• MS degree plus 5 or more years directly related experience; or BS degree plus 7 or more years of directly related experience.
• Degree: Computer Science or a related field (e.g., General Engineering, Computer Engineering, Electrical Engineering, Systems Engineering, Cyber Security, Information Technology, Information Security, and Information Systems) degree required
• Active TS/SCI (SI/TK) w/CI poly
• Primary Certifications - one or more of the following required: CISSP, CSSLP, CCSP or CASP CE (must also have Linux Cert).
• Additional Certifications - one or more of the following is a plus: Linux , RHEL, or other Linux type certification or training.

Powered by JazzHR