Cyber Information Systems Security Officer

Cyber Information Systems Security Officer

Future Technologies is in search of a Cyber Information Systems Security Officer to join our winning team in Dahlgren, VA.

• Provide IA support for the development and tactical hardware suites of equipment for H20 programs and products, including laboratory/land-based systems and operational afloat systems. This support includes coordination of system patching, user management, log management, and respective authorization/assess only documentation preparation and review.
• Assist in the preparation of the authorization documentation for submission to the respective Information Systems Security Manager (ISSM) or other program specific Designated Approving Authority (DAA), utilizing the appropriate DoD Accreditation standards, policies, and directives.
• Develop IA/cybersecurity guidelines and standard operating procedures (SOPs). Analyze policies, regulations, and system provisions governing standard operating systems. Assist and advise users of policies, regulations, and system provisions for the standard operating systems.
• Validate and verify system security requirements/controls and coordinate integration of system security capabilities for various environments.
• Observe, test, and monitor changes in information systems that might affect the security posture. As the ISSO, the candidate shall perform configuration management for information system security software, hardware, and firmware, and manage changes to systems, assessing their security impact. Additionally, notify ISSM on Cybersecurity issues affecting IT systems and software they are assigned to support.
• Develop, update, and/or review RMF documentation to include the System Security Plan (SSP), Security Control Traceability Matrix (SCTM), Plan of Action and Milestone (POA&M), Risk Assessment Report (RAR), and Security Assessment Plan (SAP).

• DOD 8140 certification at IAT Level II certification (e.g., Security+ CE, CySA+, CCNA Security, GSEC) or attain by allotted time. Minimum of eight (8) years of experience in Information Assurance, Computer Security, or Risk Management Framework for Department of the Navy systems as an ISSO or Information System Security Engineer (ISSE).
• Ability to review and update diagrams to accurately reflect system changes.
• Have knowledge of DoD-approved cybersecurity concepts and tools including DISA STIGs and Assured Compliance Assessment Solution (ACAS) scans in support of system vulnerability management and reporting.
• Perform and review technical security assessments to identify vulnerabilities and ensure compliance with information assurance (IA) standards and regulations. This includes vulnerability status tracking and reporting in DoD systems.
• Independently prepare and review security documentation, including System Security Plans (SSPs) and Asses Only/Authorization packages. Independently prepare, review, and update authorization packages.
• Demonstrated experience with Risk Management Framework and Platform Information Technology (PIT) systems.
• Strong technical knowledge with 8+ years of Linux and Windows commands and utilities.
• Excellent written and verbal communication skills along with ability to interface with project lead, software developers, system integrators, and system administrators.
• Experience with Microsoft Visio or Cameo to update system diagrams and defense‑in‑depth diagrams.
• Has knowledge and expertise in DoD-approved cybersecurity concepts and tools including DISA STIGs, Security Content Automation Protocol (SCAP) Compliance Checker, Evaluate‑STIG, eMASS, ACAS Scans, and Security Center in support of system vulnerability management and reporting. This includes reviewing IAVMs/IAVAs, tracking vulnerability status and reporting in DoD systems. Additionally, able to register new systems and maintain systems in eMASS.
• Perform annual security reviews, annual testing of security controls, and annual testing of the contingency plan, in line with FISMA requirements. Familiarity with updating PIA forms annually and eAuthentication every three years, or sooner if needed.
• Experience with scanning containers (e.g., Podman…