CSCI is in search of an experienced information system security officer to design and enforce policies and procedures that protect our organization's computing infrastructure from all forms of security breaches. You will be responsible for identifying vulnerabilities and working with our Information Technology (IT) department to resolve them, ensuring that our network and data remain secure.
To be successful as an information system security officer, you should have expert analytical skills and in-depth knowledge of best practices to prevent a wide range of security threats. Top candidates will also be excellent communicators, able to train and educate our staff in various information system security topics.
Responsibilities
The candidate's responsibilities include, but are not limited to:

• Identify vulnerabilities in our current network and resident/managed systems.
• Develop and implement a comprehensive plan to secure our Information Systems (IS) and resident systems in accordance with the Joint Special Access Program (SAP) Implementation Guide (JSIG) Risk Management Framework (RMF).
• Develop and maintain IS artifacts for authorization.
• Review and maintain audit logs.
• Review and maintain vulnerability scans, Secure Technical Implementation Guide (STIG) configuration requirements, and Security Content Automation Protocol (SCAP) scans.
• Obtain and maintain Authorization to Operate (ATO) and successfully pass follow-up recertification requirements of our IS and resident/managed systems.
• Create and maintain a Plan of Action and Milestones (POA&M) and provide to Security Control Accessor (SCA) for review.
• Monitor network usage to ensure compliance with security policies.
• Implement a plan, and conduct Continuous Monitoring (ConMon).
• Keep up to date with developments in Information Technology (IT) security standards and threats.
• Collaborate with management and the IT department to improve security.
• Document any security breaches and assess their damage.
• Educate colleagues about security software and best practices for information security.
• Build and maintain positive professional relationship with the customer.
• Develop understanding of the National Institute of Standards and Technology (NIST) Guide to ensure proper protection for the confidentiality and integrity of Personally Identifiable Information (PII) and of Controlled Unclassified Information (CUI) in our current network and resident/managed systems as required.

Skills
Experience:
This position will require presence in a professional office setting in Springfield, VA for 8 hour days, 5 days per week, Mon - Fri.

• A bachelor's degree in computer science, information systems, Cybersecurity, or a related field.
• A DoD Manual 8570 IAM Level II certification.
• Candidate must have ability to communicate effectively and with courteous professionalism while providing user support.
• Candidate should possess good writing and editing skills to aid in writing process and general IT/Information Assurance (IA) documentation.
• A good understanding and knowledge of various computer, network, and security systems and frameworks.
• Exceptional verbal and written communication and customer relation skills.
• Strong analytical, critical thinking, and problem-solving skills.
• Ability to educate a non-technical audience about various security measures.
• The candidate must be cleared at a Top Secret security level.
• Experience developing, implementing, and maintaining IS in accordance with the JSIG RMF.
• Experiencing writing Assessment and Authorization (A&A) documentation and developing processes and procedures for JSIG IS.
• Experience in the IA life cycle within the RMF through at least the initial submission of an ATO and the follow-up recertification process of an IS.
• Experience with the creation and maintenance of a POA&M.
• Experience conducting ConMon Plans of an IS.
• Experience with running SCAP tools for Windows and Linux Operating Systems.
• Expertise reviewing IS compliance of Defense Information System Agency (DISA) STIG for Windows and Linux Operating Systems.

Education:
BA/BS in Information Technology, Computer Science, Cybersecurity, or related discipline. 6 years of work experience in a related field is an acceptable equivalent.
Training/Certifications:
At least one of the following certifications are required.
(ISC)2 Certified Authorization Professional (CAP), (ISC)2 Certified Information Systems Security Professional (CISSP), CompTIA Advanced Security Practioner (CASP ), ISACA Certified Information Security Manager (CISM), EC-Council Certified Chief Information Security Officer (CCISO)
(ISC)2 CISSP is a highly recognized and may be advantageous to the success of the candidate.
Additional Experience Desired:
The following additional experience is desirable and may help the candidate excel within the position:

• Experience implementing and managing Ivanti Device Control, Nessus Security Scanner, and Splunk.
• Experience with Windows and Linux Operating Systems, along with basic knowledge of both Windows and Linux auditing.
• Basic to mid-level technical IT system administration and/or engineering background.

Requirements - US Citizen / Top Secret/SCI Clearance
Travel:
Minimum
U.S. Citizenship:
Yes
Minimum Clearance:
Applicants are required to have, at a minimum, a TOP SECRET (TS) clearances with Sensitive Compartmented Information (SCI) eligibility based on a Single Scope Background Investigation (SSBI) completed within the last 5 years.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.
CSCI stands in support of equality for and advancement of all people based solely upon the merits of abilities and actions alone, without regard to race, creed, color, sex, age, national origin or disability.