Applied Research Associates (ARA), Inc. has an immediate need for an experienced Information Systems Security Officer (ISSO) for the Integrated Missions System Sector in Raleigh, NC. The ISSO will support the Information System Security Manager (ISSM) to ensure the appropriate operational security posture is maintained for multiple information systems and secure networks. The ISSO will continuously monitor that each system or network meets the Risk Management Framework (RMF) requirements and are kept up to date according to System Security Plans, the DAAPM/NISPOM, and applicable NIST Publications. In this position, the ISSO will build, configure and maintain systems that adhere to a collective of different government regulations.
What you'll do as an ISSO:- Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
- Generate and maintain required IS security documentation including Systems Security Plans (SSP), Information Assurance Standard Operating Procedures (IA SOP), Continuous Monitoring Plans, Security Control Traceability Matrices, Risk Assessments, Plan of Action & Milestones (POA&M), equipment specifications, practices and procedures
- Maintain day-to-day security posture and continuous monitoring of various classified systems
- Assist in ensuring compliance with the DCSA Assessment and Authorization Process Manual (DAAPM), Department of Defense (DoD) regulations, Intelligence Community Directives (ICDs), and Security Technical Implementation Guides (STIGs)
- Schedule, perform and maintain records of required IS auditing, patching, maintenance, software/hardware changes, and scanning based on evolving threat/vulnerabilities and customer compliance requirements
- Develop and conduct test procedures for verification of Assessment and Authorization (A&A) & Risk Management Framework (RMF) safeguards to meet customer requirements based upon NISPOM, DAAPM and related NIST publications
- Assess changes to an IS by performing periodic self-inspections, tests and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed; ensure corrective actions are taken for identified findings and vulnerabilities
- Maintain a working knowledge of IS functions, security policies, technical security safeguards, and operational security measures. Coordinate with Facility Security Officer (FSO) and Program Security Officers (PSO) to define, implement and maintain information security policies, strategies, and procedures
- Implement policies and procedures for responding to security incidents, and for investigating and reporting security violations and incidents
- Assist ISSM with the development, documentation, and presentation of classified IS security education, awareness, and training activities
- Assist the ISSM with preparation for Defense Counterintelligence and Security Agency (DCSA) Security Vulnerability Assessments (SVA), Command Operational Readiness Assessments (CORA), and Other Government Agency (OGA) inspections
- Performs other duties as required
ISSO Requirements:- U.S. citizenship is required and an active Secret clearance
- High School Diploma with 8-10 years of experience
- Have a strong understanding of computer operating systems (Windows and Linux), software, and computer hardware
- Ability to configure laptops/desktops/servers, install applications, setup network infrastructure, and troubleshoot as required
- 1 year of experience performing vulnerability assessments
- 1 year of experience conducting STIG/SCAP compliance scans (SCC)
- 2 years of experience working with Microsoft Active Directory and Group Policy Management
- Possess and maintain a DoD 8570 IAM-I level professional certification (i.e. Security +) or can obtain the certification within six (6) months of hire
ISSO Preferences:- BS Degree with 2-4 years of experience
- Top Secret Clearance with SCI eligibility
- Strong organizational and administrative skills
- Strong interpersonal skills working with all levels of staff and customers
- Ability to work independently and exercise good judgment
- Strong written and verbal communications skills
- Maintain and adhere to a high level of confidentiality
- Possess the ability to multitask, prioritize workload, and be flexible
- Possess the ability to learn new systems and procedures quickly
- Proficient in IA Security specifications such as Risk Management Framework (RMF), NIST SP 800-53, DAAPM
- 2 years of experience with security assessment/hardening tools, i.e. STIGs, SCAP, ACAS, etc.
- Security+ Certification
Who is ARA?Do you want to work for a purpose? Applied Research Associates, Inc. (aka ARA) is an employee-owned international research and engineering company. We have been providing technically superior solutions to complex and challenging problems in the physical sciences since 1979. ARA has over 2,271 employee owners and continues to grow rapidly. Together, our offices throughout the U.S. and Canada provide a broad range of technical expertise in defense, civil, and health technologies, computer software and simulation, systems analysis, environmental technologies, and testing and measurement.
ARA also prides itself, on having a challenging culture where innovation & experimentation are the norm. The motto, "Engineering and Science for Fun and Profit" sums up the ARA experience. Employee ownership ensures you have a voice with what happens in the company. We are also very proud of our Women's Initiative Network (WIN), whose purpose is to motivate, support, and encourage professional career development for women to maximize career and professional accomplishments.
To find out more about what the Integrated Mission Systems Sector has to offer, visit our website at: https://www.ara.com/benefits/
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)