Tactical Systems ISSO

General Summary:

Conducts vulnerability and compliance scanning for tactical information technology systems and platforms as well as develops and maintains Risk Management Framework authorization packages and documentation to ensure a healthy cybersecurity posture and to achieve and maintain Authorization to Operate in accordance with DOD, Army, NETCOM, and organizational policies. 

Principal Duties and Responsibilities (*Essential Functions):

• Conducts DOD Assurance Compliance Assessment Solution (ACAS) vulnerability scanning.
• Validates ACAS scan results and troubleshoots failed scans on a variety target devices and operating systems.
• Configures vulnerability scans within Security Center to meet DOD Requirements.
• Assesses DISA Security Technical Implementation Guides (STIG) using both manual and automated tools.
• Updates and maintains Authorization packages in the DOD enterprise Mission Assurance Support System (eMASS) for tactical systems.
• Provides network and security operations technical analysis, assessment, and recommendations.
• Identifies where systems/networks deviate from acceptable configurations, enclave policy, or local policy.
• Conducts audits to ensure information systems security policies and procedures are implemented as defined in security plans and best practices. 
• Performs detailed analyses to validate established security requirements and to recommend additional security requirements and safeguards.
• Establishes strict program control processes and policies to ensure mitigation of risks and supports obtaining certification and accreditation of systems. 
• Supports the formal testing requirements through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
• Performs evaluations (compliance audits) and/or active evaluations (vulnerability assessments). 
• Implements and documents management, operational, and technical NIST 800-53 security controls and control enhancements.
• Develops and implements security policies and procedures that align with the organization’s mission and goals.
• Advise appropriate leadership (e.g., Program Information System Security Manager, Authorizing Official Designated Representative, etc.) of security relevant changes affecting the organization’s cybersecurity posture.
• Create or update system Authorization Boundary Diagrams, Information or Data Flow Diagrams, and Security Architectures.
• Ensure that assigned IT systems, platforms, or applications can receive an ATO or Assess Only Approval.
• Review existing documentation and perform edits and updates to ensure the applicable security controls continue to be met and remain effective.
• Conduct Annual Security Reviews (ASR) and FISMA Reviews for Information System records in eMASS.
• Review, create or update a variety of DOD and RMF documentation (including but not limited to Security Plans (SP), Configuration Management Plans (CMP), Incident Response Plans (IRP), Contingency Plans (CP), Access Control Policies, and other Assessment & Authorization (A&A) artifacts).
• Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network or system operations.
• Identify the correct applicable Security Technical Implementation Guide (STIG) and Security Requirements Guides (SRG) for technologies used with systems and also test and apply them to the components of the information system.
• Identify and address applicable Cyber Tasking Orders, alerts, advisories, errata, and bulletins published from authoritative sources across the organization.
• Identify and properly document deviations, vulnerabilities, and mitigations on the system Plan of Actions and Milestones (POA&M) in eMASS, to include importing results from technical scans into eMASS and managing the resulting POA&M items.
• Use a variety of cybersecurity tools that include, but are not limited to, enterprise Mission Assurance Support System (eMASS), Security Content Automation Protocol (SCAP) Compliance Checker (SCC), Assured Compliance Assessment Solution (ACAS)/Nessus Vulnerability Scanner, Evaluate-STIG, eMASSter, DISA STIG Viewer, etc.
• Perform detailed analyses to validate established security requirements and to recommend additional security requirements and safeguards where appropriate.
• Support the formal testing requirements through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports as needed.
• Perform evaluations (e.g., internal compliance audits) and/or active evaluations (e.g., vulnerability assessments) of systems to assess Cybersecurity posture and identify mitigations for risks.
• Support meetings with system or information owners, stakeholders, user representatives, engineers, administrators, and leadership to ensure that cybersecurity considerations are addressed across the team and organization.

At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our “Family of Professionals!” Learn about our employee-centric culture and benefits here. 

Required Qualifications

• Bachelor’s Degree in related field or equivalent experience
• Minimum of 10 years of work related experience.
• At a minimum, current and active Security+CE certification, equivalent, or higher
• Strong written and verbal communication skills
• Expertise in performing DOD Assurance Compliance Assessment Solution (ACAS) vulnerability scanning
• Expertise in Validating ACAS scan data and troubleshooting failed scans on a variety target devices and operating systems
• Expertise in Configuring and executing vulnerability scans within Security Center and ACAS to meet DOD Requirements
• Expertise in Virtual Machine hypervisor VMWare and Red Hat Enterprise Linux
• Expertise assessing and implementing DISA Security Technical Implementation Guides (STIG) using both manual and automated tools
• Experience in working in the DOD enterprise Mission Assurance Support System (eMASS)
• Experience with Assessment & Authorization and achieving Authorization to Operate (ATO) under the Risk Management Framework (RMF)
• Self-motivated and able to support customer needs.
• DoD Secret security clearance required; US Citizenship required; 

Preferred Qualifications

• Master's Degree in related field preferred
• Certified Information Systems Security Professional (CISSP) preferred
• Knowledge of:   
  • Cybersecurity for tactical systems and Type Authorized deployed systems.
  • Experience creating and managing Plans of Actions and Milestones (POA&M) within eMASS.
  • Familiarity with Cisco and other network device configuration.
  • Network security architecture concepts including topology, protocols, components, and principles
  • Server administration and systems engineering theories, concepts, and methods.
  • Reporting and remediating vulnerabilities from tasking orders, alerts, advisories, errata, and bulletins.
  • Prior DOD or Army Cybersecurity experience. 

Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. COLSA Corporation is an Equal Opportunity Employer, Minorities/Females/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.