Own your opportunity to work with the largest government agency in the nation. Make an impact by advancing the Department of Defense’s mission to keep our country safe and secure.
Job DescriptionGuard Enterprise Cyber Operations Support (GECOS) – Sr. Information System Security Officer (ISSO): THIS POSITION ALLOWS FOR UP TO 2 DAYS REMOTE WORK A WEEK.
We are GDIT. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country. We ensure today is safe and tomorrow is smarter. Our work has meaning and impact on the world around us, but also on us, and that’s important.
GDIT is your place. You make it your own by embracing autonomy, seizing opportunity, and being trusted to deliver your best every day.
GDIT has an opening for a Sr. ISSO position supporting the Army National Guard (ARNG) in Falls Church, VA. This is an IT Service Management contract in support of the operation, modernization, expansion, and further evolution of the ARNG’s global Information Technology (IT) services including networking, compute, storage, infrastructure, applications, hosting, and program management services.
The GECOS program supports the ARNG enterprise IT infrastructure, its Wide Area Network (WAN), authentication and directory services, cybersecurity, application hosting, and associated services. GECOS uses ITIL best practices framework as the basis for IT Service Management (ITSM) model.
How the Sr. ISSO will make an impact:
Validate security controls and documents in the Risk Management Framework (RMF) eMASS package, to include: the SSP, SAR, PIA, Categorization Form, Implementation Plan, Network Topology, HW/SW Listing, and Plan of Actions and Milestones (POA&Ms).Direct Accreditation and Recertification activities for multiple EMASS ATO records networks and assist Service Owners with managing schedule to completion (ATO)Interfaces with client to understand their security needs and oversees the development and implementation of procedures to accommodate them.Maintain up-to-date statuses on all assigned systems and communicate status to the Government leads.Develop and maintain security plans and security testing plans.Be responsible and accountable for all task and reporting deadlines.Continuously improve risk models; metrics; reports; processes; and activitiesProduce actionable; risk-based reports on security assessment results.Manage, train, and mentor more junior team members.Create and maintain cybersecurity policies and standards.Ensure that cybersecurity plans, controls, processes, standards, policies, and procedures are aligned with cybersecurity standards.Correspond with Government customer and system administrators to communicate any unacceptable risks identified and correct deficient RMF POA&M to meet Army and DoD standards.Maintain complete records of communications, submit written status reports as required, perform peer-review as directed, and attend weekly meetings.Coordinate with the Security Control Assessor (SCA) to perform analysis of the overall risk level the system poses to enterprise networks and data.Assist with vulnerability remediation when necessaryEnsure that the user community understands and adheres to necessary procedures to maintain security.Maintains current knowledge of relevant technology as assigned.Provides guidance in the creation and maintenance of Standard Operating Procedures and other similar documentation.Upload vulnerability scans conducted on networks; systems and applications utilizing ACAS into eMASS.Conducts reviews of ATCTS privilege users against 8140 requirements ensuring security of information systems assets and the protection of systems from intentional or inadvertent access or destruction.What you'll need to be successful:
Bachelors Degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical training, or work experience.Meet DoD 8570 IAM I certification requirements (CCNA-SecurityCySA+ **GICSPGSECSecurity+, CECNDSSCP, CAPCNDCloud+, GSLCSecurity+ CEHCISPP, Comp TIA Security+ CE, Certified Authorization Professional (CAP)Required Experience:
5+ years of information security management experience; preferably in the DoD environments
Experience managing vulnerability mitigation and information security process in an enterprise environment
Experience with RMF process and POA&M tracking and resolution.
Experience with NIST publications, DoD 8500 series, AR 25-2, AR 380-5, AR 380-40, FIPS.
Experience with the Enterprise Mission Assurance Support Service (eMASS).
DoD ISSO experience a must
DoD Secret Required
Preferred Skills:
Knowledge of Windows client/server; VMWare; networking; VTC/ VoIP; web/application servers; databases; and network architectures
Ability to learn complex computing environments quickly; memorization skills desired
Ability to produce and disseminate reports for vulnerability assessments and compliance reporting
Location: On Customer Site with up to 2 days telework. Requires on-site support up to 45 days, if performance is good, telework can be considered part time, but no more than 2 day a week. Could change to full time on site on direction by management or government.