Information Systems Security Officer
Modern Technology Solutions, Inc. (MTSI) · Alexandria, VA · 5 days ago
Information Technology$90k–$150k/yrFull-time
Responsibilities
- Perform day-to-day maintenance of systems, including auditing and patch management.
- Perform technical security assessments of complex systems.
- Identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies.
- Apply knowledge of IA policy, procedures, and workforce structure to implement secure networking, computing, and enclave environments.
- Write authorization and accreditation (A&A) documentation and ensure the systems are operated and maintained in accordance with these security plans.
- Enforce the design and implementation of trusted relationships among external systems and architectures.
- Support security planning, assessment, risk analysis, and risk management for client systems and programs.
- Interact with technical team members from multiple organizations in a diversified, team environment.
- Identify overall security requirements for the proper handling of MTSI and client data.
- Perform system or network designs that encompass multiple enclaves to include those with differing data protection/classification requirements.
- Recommend system-level solutions to resolve security requirements.
- Ensure all users have the requisite security clearances, authorizations, need-to-know, and are aware of their security responsibilities before granting access to client systems.
- Conduct periodic reviews of information systems to ensure compliance with the security authorization package.
- Schedule, perform and maintain records of required IS auditing, patching, maintenance, software/hardware changes, and scanning based on evolving threat/vulnerabilities and customer compliance requirements.
- Avoidance of security risks through the design and implementation of trusted relationships among external systems and architectures.
- Perform key functions (above) and other security-related tasks as directed on multiple systems, at multiple sites, or for multiple clients.
- Assess changes to an IS by performing periodic self-inspections, tests, and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed; ensure corrective actions are taken for identified findings and vulnerabilities.
- Maintain a working knowledge of IS functions, security policies, technical security safeguards, and operational security measures.
- Experience working on DISA Security Technical Implementation Guide (STIG) implementation across multiple operating systems and applications.
- Cook up information security policies, strategies, and procedures.
- Implement policies and procedures for responding to security incidents, and for investigating and reporting security violations and incidents.
Qualifications
- 5 years of experience in Information Assurance OR 5-8 years of experience in IT with a heavy emphasis on systems administration.
- Experience with Linux Operating System (RedHat Enterprise Linux).
- In-depth knowledge of Microsoft Windows OS (client and server).
- Experience with A&A documentation and system authorization artifacts.
- Knowledge of federal security requirements and mandates (e.g., RMF, JSIG, Federal Information Processing Standards (FIPS), National Standards of Information Technology (NIST)).
- Experience with security architecture, firewalls, and network access.
- Experience with risk managed downloads, IS sanitization and destruction, PEDs, contaminations, incident response, virus scanning, privileged user access, and hardware/software configuration management.
- Excellent oral and written communication skills.
- Strong organizational skills and ability to manage multiple tasks concurrently.
- Excellent time management, scheduling, and organizational skills.
- Ability to work well independently as well as follow detailed instructions for completing tasks.
- Must be a team player and be able to work within all levels of a project team.
Desired Skills
- Experience using security hardening, collection and assessment tools (e.g. SCC, Nessus, Splunk, etc.).
- Strong Microsoft Windows background with some knowledge of UNIX/LINUX.
- Familiarity with security procedures while working in a SCIF/SAPF environment.
- Experience working with Defense Counterintelligence and Security Agency (DCSA).
- Experience with eMASS.
Education Requirements
- Minimum High School diploma is required and a bachelor’s degree in Computer Science, Information Technology, Information Security, or a related field is desired.
- Possess one of the following technical certifications: Security+, CySA+, CISSP, CGRC, SSCP, CISM, GICSP, GSEC, GSLC, or CASP+.
Clearance Requirements
- Have an active TS/SCI security clearance and be read onto a Special Access Program (SAP).
Benefits
- Base pay range: $90,000 to $150,000/year.
- Full range of medical, financial, and other benefits.