ISSO/ISSE- Hybrid (Philadelphia)
About the role
Ishpi Information Technologies, Inc. (DBA ISHPI) seeks an ISSO/ISSE to provide Risk Management Framework (RMF) and cybersecurity support to Naval Surface Warfare Center, Philadelphia Division (NSWCPD) Code 418 Information Technology Operations. The role involves maintaining AO approvals and ATOs, assessing and documenting NIST SP 800-53 security controls, performing automated vulnerability assessments, conducting RMF Annual Security Reviews, managing RMF system packages, developing POA&Ms, and evaluating and mitigating vulnerabilities.
Responsibilities
- Maintain Authorizing Official (AO) Approvals and Authorizations to Operate (ATOs) by performing Continuous Monitoring (CM) activities IAW DoD, Navy, and NAVSEA policy, guidelines, and directives.
- Assess, document, and review NIST SP 800-53 security controls IAW DoD, Navy, and NAVSEA policy, guidelines, and directives.
- Perform automated vulnerability assessments utilizing DoD, Navy, and NAVSEA approved tools such as Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), Evaluate-Stig, and eMASSter.
- Perform RMF Annual Security Reviews (ASRs) IAW the RMF Process Guide (RPG), NAVSEA Business Rules, and NAVSEA Standard Operating Procedures (SOPs).
- Document, assess, and seek approval for system/baseline changes IAW Navy Authorizing Official (NAO) and Functional Authorizing Official (FAO) guides as documented in the NAVSEA Business Rules.
- Manage and maintain RMF system packages and the required A&A artifacts in Enterprise Mission Assurance Support Service (eMASS) IAW DoD, Navy, and NAVSEA policy, guidelines, and directives.
- Develop and maintain Plans of Action and Milestones (POA&Ms) for systems in eMASS.
- Develop and maintain project integrated master schedules for RMF projects.
- Evaluate, remediate, and mitigate technical and non-technical vulnerabilities.
- Provide cybersecurity patching of assets as required by DoD and DoN TASKORDs, FRAGORDs, or as designated by Command ISSM, ACIO, and/or Code 418 management.
- Ensure correct application and implementation of DoD Security Technical Implementation Guides (STIGs) and Security Requirements Guide (SRGs).
- Lead or assist with developing, maintaining, and tracking Risk Management Framework (RMF) system security plans to include System Categorization, Security Control Set, Platform Information Technology (PIT) Determination Checklists, Assess Only (AO) Determination Checklists, Implementation Plans, System Level Continuous Monitoring (SLCM) Strategies, System Level Policies, Hardware Lists, Software List, System Diagrams, Privacy Impact Assessments (PIA), and other package evidence or implementation guidance as required.
Requirements
- Bachelor’s degree in Computer Science, Information Technology, Information Assurance, CyberSecurity, or an equivalent technical degree from an accredited college or university.
- Three (3) years or more of direct experience performing the above duties as an ISSO, ISSE, or Navy Qualified Validator (NQV) within a DoD component.
Qualifications
- Minimum Certification Requirement includes one of the following: CGRC, SecurityX, CISM, CISSP, GSLC, CCISO, CCNA/CCNP Security, CySA+, GICSP, CND, GSEC, Security+ CE, SSCP, CISA, GCED, GCIH.
Skills
- Knowledge of RMF process and procedures.
- Experience with DoD, Navy, and NAVSEA policy, guidelines, and directives.
- Ability to perform automated vulnerability assessments.
- Experience with RMF Annual Security Reviews and ASRs.
- Experience with RMF system packages and A&A artifacts management.
- Experience with developing and maintaining POA&Ms.
- Experience with evaluating and mitigating vulnerabilities.
- Experience with STIGs and SRGs implementation.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Qualification Requirements
- U.S. Citizenship and an active government security clearance.
Equal Opportunity Employer
Ishpi Information Technologies, Inc. is an Equal Opportunity Employer. All qualified candidates will be considered without regard to legally protected characteristics.