Tyto Athene is searching for an ISSO to support a Government Program Management Office in Suitland, MD.
Responsibilities:
- Provide cybersecurity engineering support as part of the system development life cycle (SDLC). Ensure security requirements are integrated into the system architecture, design, development, testing, assessment, authorization, delivery, and sustainment.
- Apply the cybersecurity risk management framework (RMF) to program information systems in accordance with NIST SP 800-37, DoDI 8510.01, and ICD-503.
- Implement the RMF life cycle steps to achieve system authorization and operation. Build, maintain, and track the system's cybersecurity baselines and security authorization documentation using both eMASS and Xacta enterprise platforms.
- Provide support to cybersecurity architecture and assessment & authorization (A&A) processes, ultimately leading to an Authority to Operate (ATO) decision.
- Identify and employ cybersecurity best practices for the organization. Create a well-informed plan based on DoD and Navy cybersecurity strategy and manage the adaption process. Incorporate security management into hardware, software, and applications.
- Assist Government managers with information security oversight, policy analysis, IT product acquisition, and program execution in accordance with NIST SP 800-39 and the DoDI 8500.01.
- Engage with Program Managers and technical stakeholders to interpret technical requirements, standards/policies, architectural artifacts, budget development, implementation, auditing, program briefs, and continuous monitoring.
- Perform ACAS scanning, STIG checklist actions, vulnerability assessment/mitigation, implement changes, and review systems to identify potential security weaknesses.
- Prepare documentation including Plan of Action & Milestones (POA&M), Systems Security Plans (SSP), Risk Assessment Reports (RAR), A&A packages, System Requirements Traceability Matrices (SRTM), Annual Security Reviews (ASR), and Security Assessment Reports (SAR).
Required:
- Bachelor's Degree in computer science, cyber security, information systems, or other related technical discipline.
- Six (6) or more years of experience in IT security, including RMF methodology and A&A.
- Active DoD Cyber Workforce IAT Level II certification as a minimum, with specific course completion or renewal certificate.
- Exceptional understanding of DoD cybersecurity policies, RMF steps and structure, the A&A process, and gaining system authorization to operate (ATO).
- Some background with Red Hat Enterprise Linux (RHEL) operating system.
- Ability to operate and execute DISA tools, STIG Viewer, and eMASSter, plus strong familiarity with eMASS and Xacta functionality.
- Strong communication skills with all levels of the IT workforce, including the ability to translate complex technical topics for senior decision-makers and to prepare and deliver presentations to leadership.
Desired:
- CISSP, CISA, SSCP, CASP, GSEC, and/or CEH.
Clearance: Active TS clearance with access to SCI as reported in DISS (must have current Tier-5)
Location: Work is located 100% on government site in Suitland, MD