Are you passionate about solving challenging problems?
Do you thrive being a critical part of an elite team of like-minded people?
How would you like for your next career move to take you to the next level?
If any of this sounds appealing, look no further.
The Information System Security Officer will support a National Defense Agency. You will have the opportunity to work as part of a fast-paced team of world-class engineers to modernize our customer’s global network, infrastructure, and services by applying your A&A skills. You will have the opportunity to shape, influence, and enable security compliance policies and to streamline the traditional RMF process by stewarding DevOpsSec concepts.
- Support software accreditation and strategic adherence to all aspects of the Information Assurance (IA) program as stipulated by various USG requirements including (but not limited to): Director of Central Intelligence Directives (DCID), Intelligence Community Directive (ICD) 503 and associated NIST publications
- Preparation of Assessment and Authorization (A&A) documents and procedures
- Work with software development teams to provide guidance and oversight into the implementation of security controls and other related security best practices
- Utilize automated security tools to track and manage vulnerabilities of the software development process. Tools include: Dependency-Track, OWASP ZAP, and Sonarqube.
- Interface with other IA teams, program personnel, and government security representatives
- Demonstrated experience in Assessment and Authorization using Risk Management Framework (RMF) and/or Intelligence Community Directive (ICD) 503, and DISA Security Technical Implementation Guidance (STIGs)
- Demonstrated experience coordinating the process between Security Controls Assessors (SCAs) and development teams, managing and contributing to System Security Plans, Security Control Traceability Matrices, Software/Security Configuration Management, etc.
- Demonstrated experience working with Xacta, and familiarity with associated policies/procedures and workflows
- Knowledge of creating and maintaining Plan of Action and Milestones (POA&M) to resolve security findings within a defined schedule as needed.
- A working knowledge of standard security mechanisms for compliance such as public key infrastructure, encryption, network access control lists, whitelisting, blacklisting, identity and access management, etc.
- Possess and maintain required DoDD 8140 certification (Security+ minimum, CISSP/CASP preferred)
- Understanding of classified networks, systems and the Software Development Life Cycle (SDLC)
- Must be able to manage multiple priorities and complex tasks in a dynamic work environment
- Familiarization with Federal Information Processing Standard (FIPS) 199 and 200, and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems‟, Committee on National Security Systems Instructions (CNSSI) 1253, and NIST SP 800-53
Desired (Not Required) Skills:
- Technical experience with security engineering to help development teams understand security requirements and articulate the implementation to Security Control Assessors
- A working knowledge of security assessment tools that provide Code and Environment Vulnerability Scanning (i.e. ACAS/Nessus, SCAP, SonarQube, Fortify, etc), Dependency Checking (i.e. OWASP Dependency Checker)
- Experience leading accreditations on multiple networks - JWICS, SIPR, NIPR, etc.
- Working knowledge of cloud services, inheriting controls from C2S/SC2S, etc
- A track record of increasing professional responsibility, managing A&A activities independently or as part of a team
- Experience working in an Agile environment, and experience with JIRA, Confluence
- Have a strong work ethic and willingness to learn
- Are willing to gain a solid understanding of all security requirements and work across multiple teams
- Create and foster a collaborative environment
- Ability to build strong working relationships across all levels of the organization internally and with partners externally
Security Clearance: Top Secret SCI with Polygraph
So, what does Novetta do?
We focus on three core areas: Cyber, Entity, and Multi-Int Analytics. Our products are focused on processing and analyzing vast amounts of data in these core areas. Our services are focused on helping our customers move from complexity to clarity. At Novetta, we bridge the gap between what our customers think they can do and what they aspire to achieve.
Our culture is shaped by a commitment to our Core Values:
- Integrity: We hold ourselves accountable to the highest standards of integrity and ethics.
- Customer Mission Success: Customer mission success drives our daily efforts—we strive always to exceed customer expectations and focus on mission success beyond contractual commitments.
- Employee Focus: We value our employees and demonstrate our commitment to them by providing clear communications, outstanding benefits, career development, and opportunities to work on problems and technical challenges of national significance.
- Innovation: We believe that innovation is critical to our success – that discovering new and more effective ways to achieve customer mission success is what makes us a great company.
GET A REFERRAL BONUS FOR THE GREAT PEOPLE YOU KNOW!
With our amazing referral program, you could be eligible to earn
outstanding rewards for referring qualified new hires to Novetta.
Novetta is an equal opportunity/affirmative action employer.
All qualified applicants will receive consideration for employment without regard to sex,
gender identity, sexual orientation, race, color, religion, national origin, disability,
protected veteran status, age, or any other characteristic protected by law.