
Description
Description
SAIC has an opportunity for an Information System Security Officer (ISSO) Contractor support professional to work on an exciting, fast-paced program. This position will work hand-in-hand with the Government customer and contractor teams as well as external teammates across all program security functions. The Vanguard 2.2.1 contract provides full service IT support to the Department of State Bureau of Diplomatic Technology.
The role is 100% onsite in Springfield, VA.
Job duties & responsibilities:
- Experience developing and revising system-specific security safeguards and local operating procedures that are based on relevant guidelines and regulations.
- Experience with NIST SP 800-37, NIST SP 800-53, NIST SP 800-100, NIST SP 800-137 and FedRAMP requirements and providing guidance to project teams on those guidelines and regulations.
- Significant experience producing Information Security Documentations such as Accreditation Packages, Systems Security Plans and developing and maintaining documentation outlining system operating environments for systems which they are responsible for.
- Experience developing, supporting and providing security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, contingency plans and reports.
- Experience coordinating and conducting regular system security audits in support of compliance with the overall System Security Plan to maintain Authority to Operate status.
- Perform vulnerability/risk assessment, scanning, and analysis to support accreditation and other program protection activities
- Assist IT staff with architectural/engineering designs to incorporate appropriate security features, conduct pre- accreditation inspections, and provide assistance in preparation of accreditation documents
- Provide hands-on technical expertise for security related engineering work. Including design, configurations, and changes to firewall configurations/settings/rules/policies, VPNs, SSL certificates, perimeter security, wireless security, IDS/IPS, SIEM, and other security appliances.
- Provide hands-on technical expertise for cloud (AWS/Azure) related security functions, including CASB, VPC perimeter security, OVA image hardening, virtual firewall configurations, DDNS settings, cloud security policy and access list configurations, and in-depth understanding of applying standard federal policies and guidelines in the cloud environment. Implement combinations of NIST, Agency, and Bureau specific configuration guides.
- Monitor the implementation, maintenance, and documentation of mitigating controls.
- Support the office's Change Management processes by reviewing and testing proposed changes for security impact.
- Propose, review, and recommend technical and managerial changes to improve the security posture of systems within the office's purview; oversee implementation of, or directly implement controls selected by office management.
- Advise system owners on security related issues and violations, provide recommendations and guidance on security remediation techniques, methodology, and best practices.
Qualifications
Required Education & Experience:
- Bachelors and ten (10) years or more experience; Masters and eight (8); may accept additional experience in lieu of degree.
- Hands-on technical expertise on computer network design, implementation, and accreditation.
- Hands-on technical expertise on perimeter security, threat analysis, threat prevention, and system security hardening expertise.
- Direct ISSO experience working with accreditations
- Experience interacting with program ISSM staff.
- Self-motivated, organized, and detail oriented. Pleasant and willing to collaborate with others, and a team player.
- Excellent written and verbal communicator.
- Experience briefing technical vulnerabilities, system non-compliance with Information Security policies, and security incidents to project teams and executive level management.
Required Clearance:
- US Citizenship.
- Active Top Secret Clearance.
Desired Qualifications:
- Able to interpret and coordinate system security policies. Implement security controls per documented policies and guidelines.
- Familiarity with applicable Department of State policies (FAM/FAH), procedures and operating instructions related to program security, information assurance and information management
- CISSP or other industry leading security certifications. CCNP or other industry leading network certifications.
- At least 4 years of Network, Windows, and Linux Administration
- Understanding of network and firewall related controls; TCP/IP stack, layer 4 and layer 7 firewall security controls.
- Demonstrable hands-on experience analyzing/correlating logs, network data, security logs, and other artifacts.
- Proficiency in cyber security toolsets (firewalls, IPS/IDS, endpoint protection, incident response platforms)
SAIC accepts applications on an ongoing basis and there is no deadline.
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.
Apply on company website