Founded in 2015, Knack Works was formed to address the demand for cutting edge development environments within the intelligence community. Knack Works is focused on providing scalable, automated solutions that enable our customers to perform their national security missions in an ever-changing environment of new technologies and evolving threats. Our flagship product, the “Knack Stack,” introduces flexible and automated hybrid cloud infrastructure as a service for cloud agnostic deployments and automation. It's designed to automate data management and security. Today, we are fortunate to realize our vision. We operate independently as Knack Works, a subsidiary of Jacobs, retaining our identity as a small business yet with the support from a large company.

Knack Works is seeking to hire an Information Systems Security Office (ISSO) to join our team on-site in Northern Virginia. You will be responsible for the Authorization and Assessment process under the Risk Management Framework (RMF) for a new information system.

Responsibilities:

• Assessing and responding to security-related requests
• Maintaining operational security posture for information systems
• Familiarity with information system security principles
• Create Cyber Security artifacts and formulate RMF packages for systems
• Review and analyze system implementation plans
• Ensure that IT systems have all cyber security controls in place and that the all controls function properly in accordance with the latest NIST standards
• Formulate and execute system assessments, audits, reviews, and contingency testing
• Review, analyze, and interpret technical procedures and regulatory requirements
• Write reports, business correspondence, and procedure manuals
• Identify corrective actions/mitigation strategies to achieve/sustain RMF compliance
• Perform development of responses to Plans of Action & Milestones (POA&M) which account for confidentiality, integrity, and availability

Here’s What You’ll Need:

• Bachelor of Science degree in Information Technology, IT Security, Network Systems Technology or related field or 4 years’ experience in lieu of degree plus eight (8) to twelve (12) years of directly related experience or any equivalent combination of education, experience, training and certifications
• Active TS/SCI w Polygraph required
• Experience with IC Information Security, i.e. identifying, documenting, and testing controls working system through all steps of accreditation
• CISSP, Security or CISA
• Perform selection, implementation, validation, and establishment of baseline of NIST800-53/CNSSI-1253 controls
• Experience with vulnerability assessment scanning tools and reporting, such as NESSUS,Rapid7, etc.

Preferred:

• Experience using Governance/Risk/Compliance (GRC) tools such as Xacta, ServiceNow, etc.
• AWS cloud platform experience