What are the responsibilities and job description for the Information Systems Security Engineer position at Data Intelligence LLC?
Data Intelligence, LLC (DI) is searching for a Sr. ISSO/ISSE. This position will provide Risk Management Framework (RMF) and cybersecurity support to Naval Surface Warfare Center, Philadelphia Division (NSWCPD) Code 418 Information Technology Operations. These duties include but are not limited to:
- Provide full life cycle DoD Risk Management Framework (RMF) support
- Perform system scans of hardware/software builds using ACAS (or related tools)
- Assist in the Assessment & Authorization (A&A) process, supporting development of documentation required to obtain a system ATO.
- Develop Plans of Action and Milestones (POA&Ms) to track vulnerabilities, correcting/mitigating discrepancies prior to release.
- Use the eMASS Information Assurance Compliance Tool to assure that deployed systems are properly configured and patched.
- Maintain the system’s Accreditation Package through continuous monitoring.
- Update and create documentation to support the baseline changes that occur throughout the system lifecycle in accordance with Department of Defense Instruction 8510.01, RMF for DoD IT procedure
Required Skills/Experience
- Bachelor’s degree in Computer Science, Information Technology, Information Assurance, Cybersecurity, or an equivalent technical degree from an accredited college or university.
- At least a secret level security clearance that is current and active
- Ability to work onsite in Philadelphia, PA
- Seven (7) to ten (10) years of direct experience performing the duties below as an ISSO, ISSE, or Navy Qualified Validator (NQV) within a DoD component:
- Maintain Authorizing Official (AO) Approvals and Authorizations to Operate (ATOs) by performing Continuous Monitoring (CM) activities IAW DoD, Navy, and NAVSEA policy, guidelines, and directives.
- Assess, document, and review NIST SP 800-53 security controls IAW DoD, Navy, and NAVSEA policy, guidelines, and directives.
- Perform automated vulnerability assessments utilizing DoD, Navy, and NAVSEA approved tools such as Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), Evaluate-Stig, and eMASSter.
- Perform RMF Annual Security Reviews (ASRs) IAW the RMF Process Guide (RPG), NAVSEA Business Rules, and NAVSEA Standard Operating Procedures (SOPs).
- Document, assess, and seek approval for system/baseline changes IAW Navy Authorizing Official (NAO) and Functional Authorizing Official (FAO) guides as documented in the NAVSEA Business Rules.
- Manage and maintain RMF system packages and the required A&A artifacts in Enterprise Mission Assurance Support Service (eMASS) IAW DoD, Navy, and NAVSEA policy, guidelines, and directives.
- Perform System Level Continuous Monitoring (SLCM) IAW approved System Security Plans (SSPs) in eMASS.
- Develop and maintain Plans of Action and Milestones (POA&Ms) for systems in eMASS.
- Develop and maintain project integrated master schedules for RMF projects.
- Evaluate, remediate, and mitigate technical and non-technical vulnerabilities.
- Provide cybersecurity patching of assets as required by DoD and DoN TASKORDs, FRAGORDs, or as designated by Command ISSM, ACIO, and/or Code 418 management.
- Ensure correct application and implementation of DoD Security Technical Implementation Guides (STIGs) and Security Requirements Guide (SRGs).
- Lead or assist with developing, maintaining, and tracking Risk Management Framework (RMF) system security plans to include System Categorization, Security Control Set, Platform Information Technology (PIT) Determination Checklists, Assess Only (AO) Determination Checklists, Implementation Plans, System Level Continuous Monitoring (SLCM) Strategies, System Level Policies, Hardware Lists, Software List, System Diagrams, Privacy Impact Assessments (PIA), and other package evidence or implementation guidance as required.
Required Certification
- At least one of the following certs:
- IAT Level III: SecurityX (formerly CASP), CCNP Security, CISA, CISSP, GCED, GCIH, CCSP
- OR IAM Level II: CAP, SecurityX (formerly CASP), CISM, CISSP, GSLC, CCISO, HCISPP
Data Intelligence (DI) is an established small business that has supported the critical missions of our government clients since 2005. We provide full life cycle system development, systems engineering, cybersecurity, and supporting analytical and logistics support to C4ISR and other complex systems. We are an equal opportunity employer that offers competitive salaries, comprehensive benefits, a team-oriented environment, and opportunities for advancement. Our excellent employee retention record reflects our employee focus. We work with veterans' organizations to proactively hire those who have served our country. We offer medical, dental and vision insurance, 401k, PTO and 11 paid holidays.
Data Intelligence is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.