INFORMATION SYSTMES SECURITY OFFICER - CLOUD SECURITY SPECIALIST (NAUT):
Bowhead seeks an Information Systems Security Officer (ISSO Cloud) to support our customer on the Nautical contract in the Arlington, VA area. This position ensures information systems security compliance and manages security controls for DoD cloud migration projects while coordinating security accreditation activities and maintaining ongoing security posture.
• Implement and maintain security controls per NIST 800-53 and DoD standards for cloud-based systems
• Conduct comprehensive security assessments and vulnerability analyses on cloud infrastructure
• Manage security documentation and compliance reporting for continuous monitoring programs
• Coordinate with Authorizing Officials for system accreditation and Risk Management Framework (RMF) processes
• Monitor security incidents and coordinate response activities across cloud environments
• Maintain security awareness training programs and ensure personnel compliance with DoD security requirements
• Support continuous monitoring and security control assessments for cloud-based information systems
• Conduct vulnerability scans and recognize cloud-based vulnerabilities in security systems
• Utilize DoD network analysis tools to identify cloud-based vulnerabilities (e.g., ACAS, HBSS, etc.)
• Apply system, network, and OS hardening techniques for cloud environments
• Conduct cloud-based application vulnerability assessments and penetration testing
• Identify systemic security issues based on analysis of vulnerability and configuration data
• Apply cybersecurity and privacy principles to organizational requirements (confidentiality, integrity, availability, authentication, non-repudiation)
• Utilize Tenable Assured Compliance Assessment Solution (ACAS) for vulnerability management
• Manage Trellix Endpoint Security System (ESS), previously known as McAfee Host Based Security System (HBSS)
• Apply cloud-based access controls (access control lists, LDAP, Active Directory, etc.)
• Configure and maintain Virtual Private Network (VPN) devices and encryption protocols
• Troubleshoot and diagnose cyber defense infrastructure anomalies and work through resolution
• Perform impact/risk assessments for cloud security implementations
• Develop insights about the context of organizational threat environments to improve risk management posture
• Ensure complete understanding and implementation of NISPOM and ICD requirements
• Plan, schedule, and prioritize security activities to accomplish mission objectives
• Handle classified information according to proper procedures and security protocols
• Other duties as assigned
• Bachelor's degree in Cybersecurity, Information Systems, Information Technology, Computer Science, or related field from an ABET accredited or CAE designated institution or 10 years experience in leiu of this degree.
• Minimum of 16+ years of information security experience with demonstrated expertise in cloud security
• Minimum of 5+ years of DoD security experience in enterprise environments
• Minimum of 3+ years of hands-on experience with cloud security frameworks and implementations
• Complete understanding and experience implementing requirements of the NISPOM and ICDs
• Knowledge of cloud security principles and FedRAMP requirements
• Meets the Core and Additional Knowledge, Skills, and Abilities Tasks (KSATs) defined in the DoD Cyber Workforce Framework
• Demonstrated ability to develop solutions to complex security problems
• Proven ability to work in fast-paced, deadline-driven environments
• Excellent verbal and written communication skills for technical and executive audiences
• Recent experience with security management policies and procedures
• Proficiency with Microsoft Office Suite and security management tools
Required: CISSP, CISM, or equivalent DoD Directive 8570 compliant certification; CompTIA Security+
Desired: GCIH, GSEC, CISSP, CISA, FITSP-M, GCSA, GISF, SSCP, CEH, or other advanced security certifications
Physical Demands
SECURITY CLEARANCE REQUIREMENTS: Must be able to maintain a security clearance at the Top Secret level with SCI eligibility and maintain SAP eligibility. Due to work requirements, this position will not entertain work from home capabilities. US Citizenship is a requirement for this contract.
#LI-KC1
UIC Government Services (UICGS) and its Bowhead family of companies are a division of Ukpeaġvik Iñupiat Corporation (UIC), an Alaskan Native Corporation (ANC). UIC is one of the largest ANC’s in Alaska, and combined with UICGS/Bowhead, we offer a wide variety of services to defense and civilian government agencies that reach across multiple disciplines, the U.S., and the world. With our excellent management team and great range of services in the areas of Information Technology, Logistics & Marine, Manufacturing & Products, Program Management and Operations, and Systems & Technology, we perform over 250 contracts worldwide with innovative business solutions in areas such as engineering, maintenance services, manufacturing, information technology, program support, logistics/base support, and procurement. Collectively, our 3,500+ employees of the Bowhead family of companies, UIC, UIC Government Services, UIC Government Construction, and UIC Commercial remain committed to delivering quality results to ensure our customers’ success. Headquartered in Virginia, we are a fast-growing, multi-million-dollar corporation consistently recognized as one of the top 25 8(a) certified small business companies for government contracting.