Position Overview
The Specialist, Information System Security III (SISS3) will support the Naval Surface Warfare Center Philadelphia Division (NSWCPD) Department 40 as contractor staff through Arlo Solutions. This key personnel position provides senior-level cybersecurity expertise and technical execution in support of Propulsion, Power & Auxiliary Machinery Systems Cybersecurity requirements, with specific focus on Risk Management Framework (RMF) lifecycle activities, Assessment & Authorization (A&A), and ongoing compliance and assurance across Navy afloat and ashore environments. The SISS3 is responsible for the development, validation, implementation, and continuous monitoring of cybersecurity controls in accordance with Department of Defense (DoD), Department of Navy (DON), and Naval Sea Systems Command (NAVSEA) policy.
Work Location: Primary: Philadelphia, PA; periodic travel to customer and operational sites may be required
Clearance: Active Secret security clearance
Job Responsibilities and/or Success Factors
Cybersecurity Assessment and Implementation
• Conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks, and protection needs • Execute Security Assessment Plans (SAPs) by conducting on-site testing for afloat and Platform Information Technology (PIT) ashore systems • Apply Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs), and perform Assured Compliance Assessment Solution (ACAS) scanning • Implement security patches and configuration changes to obtain cybersecurity compliance and remediate vulnerabilities • Perform analysis of logs, events, and reporting from various data collection tools including ACAS, Host Based Security Systems (HBSS), Security Information and Event Management (SIEM), firewall systems, and intrusion detection systems
Risk Management Framework (RMF) Support
• Develop and maintain Plan of Action and Milestones (POA&M) for all Information Assurance-related tasks and deliverables in Enterprise Mission Assurance Support Service (eMASS) • Support continuous monitoring activities for authorized systems to maintain Authorization to Operate (ATO) status • Document residual risks based on package content and assessment results for Security Controls Assessor review • Maintain current vulnerability scan data and residual risk POA&Ms in Vulnerability Remediation Asset Manager (VRAM) • Ensure compliance with NIST SP-800-37, SP-800-53 Rev 4, DoD Instruction 8510.01, and NAVSEA Business Rules
Systems Security and Monitoring
• Conduct systems security reviews, audits, and evaluations to ensure accreditation documents accurately represent current risk posture • Monitor and assess impacts from observed cybersecurity risks and report via the Cybersecurity Program chain of command • Perform evaluation of system administrator and security engineer proposed corrections to ensure compliance • Test systems to verify adequate functionality for mission and project requirements • Support Information Assurance Vulnerability Management (IAVM) activities including remediation, patching, and scanning
Technical Documentation and Reporting
• Develop technical documentation including vulnerability assessments, risk assessments, and security compliance reports • Create and maintain system architecture diagrams, authorization boundary diagrams, and defense in depth diagrams • Present and submit data to management, develop comprehensive reports, and produce procedural documentation • Prepare security-related deliverables in accordance with contract CDRLs and government requirements
Operating System Administration
• Provide expert subject matter knowledge of Windows operating systems (Windows 11, 10, 7, XP, 2000, CE 6.0) and Red Hat Enterprise Linux • Apply system configuration changes and software application updates as required by automated security assessment tools • Identify, present, and implement improvements to operating system configuration settings to maintain secure operations • Develop and enhance operating procedures, process guides, and system-level RMF Control Family Plans
Compliance and Coordination
• Ensure all security requirements and controls are implemented in accordance with DoD and Navy cybersecurity policies • Coordinate with government personnel, system owners, and other stakeholders throughout the RMF process • Support configuration control board practices and track deliverables per A&A guidance • Maintain security clearance and comply with all security requirements specified in the contract
Education and Minimum Qualifications
Must be a U.S. Citizen
Active Secret security clearance
Target Education: High school diploma or high school equivalency certificate
Target Experience: Five (5) years of experience in the following areas:
• Cybersecurity, Engineering, Test and Evaluation (T&E), or A&A related field • Information Assurance tools such as Defense Information Systems Agency (DISA) eMASS and ACAS • Microsoft Windows Operating System Administration, including Windows 11, Windows 10, Windows 7, and Windows XP (at a minimum) • Command line interface, PowerShell, and performing automated tasking through use of code
Minimum Certification: Must demonstrate at least one of the following Information Assurance Technical (IAT) Level 2 certifications (acceptable certifications include: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, or SSCP)
Continuing Professional Education Requirements
• Maintain current IAT Level 2 certification with required Continuing Professional Education (CPE) as mandated by certification body • Complete all required Government mandated training including Antiterrorism Level 1 Awareness, Operations Security (OPSEC), Cybersecurity 101 Training, and other security-related training as specified
Desired Qualifications
• Experience with Navy cybersecurity programs and RMF processes • Familiarity with NIST Special Publications and DoD cybersecurity instructions • Experience with eMASS, VRAM, ACAS, and other DoD cybersecurity systems • Knowledge of Navy and DoD organizational structure • Experience supporting NAVSEA or other Navy commands • Professional experience in DoD or Navy environments