Type of Requisition:
Clearance Level Must Currently Possess:
Clearance Level Must Be Able to Obtain:
Public Trust/Other Required:
At GDIT, our people are our business. We pride ourselves on the work our innovators do to support and secure some of the most complex government, defense, and intelligence projects across the world. We wouldn't be successful without our ability to attract new talent to join our team.
We are looking for an Information System Security Officer / Information System Security Manager. This person will serve primarily as the ISSO for the Priority Telecommunications Service Operational Support System, under the Cybersecurity and Infrastructure Security Agency, and secondarily as the ISSM for a related DOD system. A portion of this work will be at a Falls Church, VA facility. Some telecommuting is allowed but must be local to the office .
- Manage the security of information systems assets and the protection of systems from intentional or inadvertent access or destruction.
- Responsible for the implementation of information systems security tasks, as required for the safeguarding, handling, and controlling of classified and sensitive information.
- Duties will include but are not limited to technical engineering, administrative processing, compliance reporting, training, and document creation and maintenance.
- Perform tasks related to compliance of Continuous Monitoring (ConMon) Plans (e.g., audit log review, security patching, software and hardware configuration, and change management).
- Conduct physical and virtual reviews and technical inspections to identify and mitigate/remediate potential security weaknesses and ensure that all security features applied to a system are implemented and functional.
- Provide IT security assessment and IT security audit functions to ensure FISMA compliance and improve program-wide cybersecurity, according to NIST standards and industry best practices
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information. Perform preliminary forensic evaluations of internal systems to include updating Security Plans, SOP's, testing, and efforts for successful Assessment and Authorization efforts.
- Interface with CISA and DOD to understand their security needs and oversee the development and implementation of procedures to accommodate them.
- Execute Risk Management Framework Assessment and Authorization through DHS and DOD. Achieve and maintain an ATO with a security posture in accordance with DHS 4300, NIST SP 800-53A, and other NIST publications as guidance. Ensure Plan of Action & Milestone (POA&M) and other compliance and vulnerability issues are remediated in a timely fashion.
- Ensure that the system's FIPS 199 potential impact for the confidentiality, integrity and availability security objectives are consistent with the information types processed, stored, and transmitted by the system. Ensure comprehensive configuration, contingency, and incident response plans are developed for each major application and general support system.
- This critical role requires the applicant to be a self-starter and have willingness to initiate communication with GDIT management and various Government agencies for support and/or compliance requirements.
- Requires ability to work in a team environment as well as independently, demonstrate excellent problem-solving abilities, be well organized, flexible, and self-motivated.
- 10 years of related work experience.
- Bachelor's degree in Computer Science, lnformation Systems, Engineering or a related technical discipline or the equivalent combination of education and work experience.
- Active Secret clearance and ability to receive Entry on Duty.
- DoD 8570 IAM Level II or III certifications (CISSP, CISM, CAP, CASP+, Security +, etc.)
- Demonstrated knowledge of NISPOM, NIST Special Publications (800-37, 800-53, 800-53 a/b, etc.), ICD 503, RMF for DOD and DHS.
- Demonstrated experience with accrediting information systems utilizing DOD and/or DHS Risk Management Framework (RMF) guidelines
- Demonstrated experience working on classified processing systems and handling classified material.
- Demonstrated experience with XACTA 360 and Cybersecurity Assessment & Management (CSAM) tools is desired.
- Demonstrated experience with Microsoft Azure IaaS cloud environment, available Azure services and security concepts.
- Demonstrated experience with Red Hat Enterprise Linux operating system.
- Demonstrated knowledge of how Windows systems leverage Microsoft Active Directory for access control, utilize Public Key Infrastructure (PKI), and Group Policy implementation.
- Demonstrated experience with Windows (10) and Windows Server operating systems.
- Demonstrated experience with Enterprise Mission Assurance Support Service (eMASS)
- Experience reviewing NESSUS vulnerability scans and reviewing audit logs
- Demonstrated experience with Defense Information Systems Agency (DISA) security policies and tools, to include Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRG), SCAP Compliance Checker (SCC), and Information Assurance Vulnerability Alerts (IAVA).
- Demonstrated experience with the following security tools: Splunk, Nessus or Assured Compliance Assessment Solution (ACAS)
- Demonstrated experience collecting and reporting FISMA metrics.
Scheduled Weekly Hours:
Some Telecommuting Allowed
USA VA Falls Church
Additional Work Locations:
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.