Provide high-level ISSE support to integrate cybersecurity requirements and implement security controls throughout the RMF lifecycle, ensuring agency systems achieve and sustain their ATO. Coordinates with system owners and security personnel to prepare systems for authorization, categorize information and impact levels, select and tailor security controls, and document their implementation. This support extends to assessing security controls, contributing to authorization packages, and continuously monitoring the security posture of systems to ensure ongoing compliance and risk management.

REQUIREMENTS:

• Active Secret security clearance
• At least 5 years of related experience
  DoD IAT II required certification/s (one of the following):
  o CCNA-Security
  o CySA+ (CSA+)
  o GICSP
  o GSEC
  o Security+ CE
  o CND
  o SSCP
  CSSP-IS required certification/s (one of the following):
  o Security+ CE
  o CySA+
  o GCIA
  o GICSP
  o GSEC
  o CEH
  Location: Remote Work Available - Fort Lee, VA or Smyrna, GA
  Job Types: Full-time, Contract
  Pay: $142,000.00 - $149,000.00 per year

Benefits:

• 401(k)
• 401(k) matching
• Dental insurance
• Health insurance
• Life insurance
• Paid time off
• Professional development assistance
• Referral program
• Tuition reimbursement
• Vision insurance

Application Question(s):

• Do you have at least on of the following certifications:

o CCNA-Security
o CySA+ (CSA+)
o GICSP
o GSEC
o Security+ CE
o CND

o SSCP

• Do you have at least one of the following certifications:

o Security+ CE
o CySA+
o GCIA
o GICSP
o GSEC
o CEH

Experience:

• ISSE: 5 years (Required)

Security clearance:

• Secret (Required)

Work Location: Remot

• Coordinates with the Information System Owner (ISO) to define the authorization boundary and develop boundary diagram artifacts.
• Analyze and document mission/business processes supported by the system to define comprehensive system security needs, directly linking security to operational objectives.
• Develop and document robust System Security Plans (SSPs) and detailed Security Design Documents, providing a foundational understanding of the system’s security posture.
• Document information types and impact levels (confidentiality, integrity, availability), providing a granular understanding of data sensitivity.
• Ensure the system categorization aligns with DoD mission assurance priorities, supporting critical defense functions.
• Design and implement technical security controls per DoD Secure Configuration Baselines.
• Apply STIGs (Security Technical Implementation Guides) and hardening procedures to all IT assets as applicable, reducing the attack surface and mitigating known vulnerabilities.
• Document control implementation in the SSP, maintaining accurate and up-to-date security documentation.
• Analyze scan results from tools like Tenable, ACAS, or Nessus, identifying vulnerabilities and misconfigurations.
• Conduct self-assessment and validate control effectiveness and document findings in Security Assessment Reports (SARs), providing an internal evaluation of security controls.
• Ensure alignment with DoD Cybersecurity Strategy and acquisition lifecycle, integrating security considerations throughout the system’s lifespan.
• Provide evidence and artifacts in support of security control validation efforts, demonstrating the effectiveness of implemented controls.
• Coordinate and schedule all assessment activities with the SCA and testing teams, facilitating thorough and efficient security evaluations.
• Conduct Security Control Assessments for all RMF “Assess Only” cybersecurity assessments, providing dedicated evaluation for specific security concerns.
• Coordinate with the SCA on development of the Security Assessment Plan (SAP) and Security Assessment Report (SAR), contributing to formal assessment documentation.
• Remediate findings and update the POA&M (Plan of Action and Milestones), tracking the progress of vulnerability mitigation.
• Develop risk mitigation strategies for vulnerabilities that are unable to be fully remediated.
• Track and report on security control effectiveness and system changes, maintaining visibility into security performance.
• Update SSP, POA&M, and SAR as system changes occur or as needed, but no less than annually, reflecting the current state of system security.
• Participate in Annual Security Assessment Review (ASR) and Incident Response exercises, demonstrating preparedness and responsiveness to security events.
• Respond to cybersecurity incidents and environmental changes, ensuring rapid and effective incident handling.