Overview

SUMMARYArcticom is seeking an ISSM who will be responsible for coaching and advising a portfolio of programs potentially spanning Collateral, SCI and SAP/SAR levels. The candidate will support information system life cycle activities from rapidly establishing systems to support classified proposals, to scoping systems for new programs and preparing Risk Management Framework packages, to regular maintenance, support and upgrades of systems during program execution, to program close-out and de-certification activities.

Responsibilities

ESSENTIAL DUTIES & RESPONSIBILITIES

The Essential Duties and Responsibilities are intended to present a descriptive list of the range of duties performed for this position and are not intended to reflect all duties performed within the job. Other duties may be assigned.

• Maintain day-to-day security posture and continuous monitoring of application including security event log review and analysis.
• Ensure system security measures comply with applicable government policies.
• Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
• Provide advice and guidance to technical team and client regarding adherence to Federal and DoD Cybersecurity regulations and policies including the Risk Management Framework (RMF) as well as document implementation in Security Controls Tractability Matrix (SCTM).
• Conduct policy reviews and technical inspections to identify and mitigate potential security weaknesses and ensure that all security features applied to a system are implemented and functional.
• Compose policy recommendations, amendments for emerging technologies, automations and processes affecting the application.
• Monitor and resolve Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems.
• Draft and/or prepare and maintain security Assessment and Authorization documentation (e.g., IA SOP, SSP, MSSP, RAR, SCTM).
• Research, configure, analyze and/or use software applications for security vulnerability monitoring, security automation and alerting.
• Identify policy conflicts and recommend possible mitigations or solutions.
• Maintain awareness of upcoming customer / government driven changes and challenges and suggests approaches to meet those challenges

Qualifications

QUALIFICATIONS - EXPERIENCE, EDUCATION AND CERTIFICATION

To perform this job successfully, an individual must be able to satisfactorily perform each essential duty. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• 3-5 years’ experience in government cyber security, preferably with RMF and focused on “systems” not “networks”.
• Have CISSP certification or other level III certification per DoD Directive 8570.1.
• Have an active SECRET security clearance .
• Experience with Windows operating environments.
• Experience with Cloud computing/services.
• Must be a US Citizen

KNOWLEDGE, SKILLS, ABILITIES, AND OTHER CHARACTERISTICS

• Write a System Security Plan
• Write a Security Test Plan
• Gather, analyze Security Test Results (STIG checks, scans, manual tests)
• Can advocate for appropriate IA design decisions for N-Tier architectures
• Customer/mission focused with ability to interpret and translate these needs to cybersecurity practices.
• Ability to evaluate, build and implement policies and security processes as well as suggest solutions, compromises and improvements.
• Excellent time management skills; keeps commitments.
• Preferred:
• Previous experience working as a security professional in a SAP/SCI environment
• Familiarity conducting vulnerability scans.
• Familiarity with the ODAA Baseline Standard requirements, Joint Special Access Program (SAP)
• Implementation Guide (JSIG) and Risk Management Framework (RMF).
• Excellent communications skills (written & oral), ability to conduct IS user briefings.
• Expert ability to summarize complex information and communicate at appropriate levels.
• Bachelor’s degree in one of the following but not limited to: Information Technology, Information Assurance, Computer Information Systems, or Criminal Justice.
• Experience in PERSEC, COMSEC and/or program security roles
• Working knowledge of the Agile Development methodology (Preferred)
• Experience using any, or all, of the following tools (Preferred):
• CheckMarx
• SonarQube
• Fortify
• Jira
• Confluence
• Maven
• Jenkins
• Gitlab

NECESSARY PHYSICAL REQUIREMENTS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Employee must maintain a constant state of mental alertness at all times. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Essential and marginal functions may require maintaining physical condition necessary for bending, stooping, sitting, walking or standing for prolonged periods of time; most of time is spent sitting in a comfortable position with frequent opportunity to move about.

DOT COVERED/SAFETY-SENSITIVE ROLE REQUIREMENTS

This position is not subject to federal requirements regarding Department of Transportation “safety-

sensitive” functions

WORK ENVIRONMENT

Work Environment characteristics described here are representative of those that must be borne by an employee to successfully perform the essential functions of this job.

Job is performed in an office setting with exposure to computer screens and requires extensive use of a computer, keyboard, mouse, and multi-line telephone system. The work described herein is primarily a modern office setting. Occasional travel may be required. 

SUPERVISORY RESPONSIBILITIES

None

ADDITIONAL QUALIFYING FACTORS

As a condition of employment, you will be required to pass a pre-employment drug screening and have acceptable background check results. If applicable to the contract, you must also obtain the appropriate clearance levels required and be able to obtain access to military installations.

Shareholder Preference. BSNC gives hiring, promotion, training and retention preference to BSNC shareholders, shareholder descendants and shareholder spouses who meet the minimum qualifications for the job.

Bering Straits Native Corporation is an equal opportunity employer. All applicants will receive consideration for employment, without regard to race, color, religion, creed, national origin, gender, or gender-identity, age, marital status, sexual orientation, veteran status, disability, pregnancy or parental status, or any other basis prohibited by law.

Equal Opportunity Employer/Veterans/Disabled

We participate in the E-Verify Employment Verification Program. We are a drug free workplace.