Sr. Information Systems Security Officer

at  MAG Aerospace

Position Summary:
MAG Aerospace is seeking an experienced Information System Security Officer (ISSO) to support Product Manager Information Warfare Cyber Development (PdM IWCD). This position will provide support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program Activities.
This is an opportunity to be involved in the newly formed PM Cyber & Space and be a part of the rapidly growing Cyber Development Product Office responsible for key capabilities within the offensive cyber operations world.
Telework available 1 to 2 days a week. This is subject to change based on mission
US Citizenship
Essential Duties and Responsibilities:

Duties include, but not limited to:

• Prepare and review system security documentation; for example, System Security Plans (SSP), system boundary definition, systems security plan, configuration management plan, contingency plan, and security agreements (e.g., MOUs, ISAs), etc.
• Review, prepare, and update full RMF authorization packages.
• Conduct assessments of information security controls in order to measure the effectives of controls, recommend mitigation strategies/mechanisms and identify any potential gaps.
• Manage remediation efforts and report on the status of control deficiencies.
• Provide security expertise to business units and key stakeholders.
• Provide timely status updates/reporting on assessments and assigned projects.
• Interact with numerous DOD, military/civilian personnel and industry partners.
• Teach and guide other cyber security personnel and engineers on the proper processes and procedures.
• Other Duties May Be Assigned

Requirements:

KNOWLEDGE AND SKILLS

• Thorough knowledge of NIST 800 series Special Publications, Federal Information Processing Standards (FIPS) and other relevant federal and DoD cybersecurity regulations.
• Experience preparing and reviewing RMF authorization packages.
• Must have previous experience with the security authorization process including the review of system security documentation; for example, System Security Plans (SSP), system boundary definition, systems security plan, configuration management plan, contingency plan, and security agreements (e.g., MOUs, ISAs), etc.
• Familiarity with operational needs statements and DoD 5000 acquisition lifecycle processes.
• Experience in creating and maintaining security configuration baselines for Windows and Linux platforms, networking equipment, cloud technologies and custom hardware and software applications.
• Must meet positions and certification requirements outlined in DoD Directive 8570.01M for Information Assurance Technician Level 2.
• Must have the ability to work in a dynamic environment and effectively interact with numerous DOD, military/civilian personnel and industry partners.
• Ability to teach and guide other cyber security personnel and engineers on the proper processes and procedures.
• Must possess a high degree of initiative and personal accountability requiring minimal supervision.
• Demonstrate excellent written and oral communications skills; organizational and analytical skills; the ability to express thoughts clearly; and the ability to effectively collaborate in a team environment.

EXPERIENCE

• Minimum of ten (10) years or relevant work experience.
• 5-8 years’ experience in executing “life cycle” Information Assurance / Cybersecurity
• 6 years of progressively complex experience in the development, integration, and implementation of cyber security and program protection standards for networking, computers, and custom application development.

EDUCATION

• Bachelors Degree required
• Additional years of experience can be used in lieu of degree.

PREFERRED QUALIFICATIONS

• Candidates possessing advanced certifications to meet IAT level 3 certifications: CISSP, CASP+, CE|H, CISM, etc. will be given preference.
• Experience with eMASS and XACTA.

OTHER QUALIFICATIONS

• Willingness to travel (up to 20%) within the organizational geographic Area of Responsibility.
• Ability to work in office/field/lab environments
  Special Note:
  The position is contingent upon candidate’s ability to meet physical and medical requirements as needed by the position; including compliance with all applicable federal, state, and local jurisdictional requirements.
  Government or customer site-specific requirements may include, but are not limited to, proof of full COVID-19 vaccination status, except in circumstances where a candidate is legally entitled to an accommodation.
  Company Policy:
  MAG Aerospace (MAG) is an Equal Opportunity/Affirmative Action Employer and is committed to Diversity and Inclusion. We encourage diverse candidates to apply to our positions.
  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
  Click below for the “Know Your Rights” and “Pay Transparency Nondiscrimination” supplement posters.
  https://www.dol.gov/agencies/ofccp/posters
  MAG Aerospace (MAG) is committed to providing an online application process that is accessible to all, including individuals with a disability, by offering an alternative way to apply for job openings. This alternative method is available for those who cannot otherwise complete the online application due to a disability or need for accommodation.
  MAG provides reasonable accommodation to applicants under the guidance of the Americans with Disabilities Act (ADA), Section 503 of the Rehabilitation Act of 1973, the Vietnam-Era Veterans’ Readjustment Assistance Act of 1974, and certain state and/or local laws.
  If you need assistance due to a disability, please contact the MAG Aerospace Recruiting email:
  Applicant.Assist@mag.us or call (703) 376-8993.

• Prepare and review system security documentation; for example, System Security Plans (SSP), system boundary definition, systems security plan, configuration management plan, contingency plan, and security agreements (e.g., MOUs, ISAs), etc.
• Review, prepare, and update full RMF authorization packages.
• Conduct assessments of information security controls in order to measure the effectives of controls, recommend mitigation strategies/mechanisms and identify any potential gaps.
• Manage remediation efforts and report on the status of control deficiencies.
• Provide security expertise to business units and key stakeholders.
• Provide timely status updates/reporting on assessments and assigned projects.
• Interact with numerous DOD, military/civilian personnel and industry partners.
• Teach and guide other cyber security personnel and engineers on the proper processes and procedures.
• Other Duties May Be Assigne