Information System Security Specialist III
Listed on 2026-07-04
-
IT/Tech
Cybersecurity, Information Security
Position Overview
The Specialist, Information System Security III (SISS3) will support the Naval Surface Warfare Center Philadelphia Division (NSWCPD) Department 40 as contractor staff through Arlo Solutions. This key personnel position provides senior-level cybersecurity expertise and technical execution in support of Propulsion, Power & Auxiliary Machinery Systems Cybersecurity requirements, with specific focus on Risk Management Framework (RMF) lifecycle activities, Assessment & Authorization (A&A), and ongoing compliance and assurance across Navy afloat and ashore environments.
The SISS3 is responsible for the development, validation, implementation, and continuous monitoring of cybersecurity controls in accordance with Department of Defense (DoD), Department of Navy (DON), and Naval Sea Systems Command (NAVSEA) policy.
Work Location:
Primary:
Philadelphia, PA; periodic travel to customer and operational sites may be required.
Clearance:
Active Secret security clearance.
- Conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks, and protection needs.
- Execute Security Assessment Plans (SAPs) by conducting on-site testing for afloat and Platform Information Technology (PIT) ashore systems.
- Apply Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs), and perform Assured Compliance Assessment Solution (ACAS) scanning.
- Implement security patches and configuration changes to obtain cybersecurity compliance and remediate vulnerabilities.
- Perform analysis of logs, events, and reporting from various data collection tools including ACAS, Host Based Security Systems (HBSS), Security Information and Event Management (SIEM), firewall systems, and intrusion detection systems.
- Develop and maintain Plan of Action and Milestones (POA&M) for all Information Assurance-related tasks and deliverables in Enterprise Mission Assurance Support Service (eMASS).
- Support continuous monitoring activities for authorized systems to maintain Authorization to Operate (ATO) status.
- Document residual risks based on package content and assessment results for Security Controls Assessor review.
- Maintain current vulnerability scan data and residual risk POA&M in Vulnerability Remediation Asset Manager (VRAM).
- Ensure compliance with NIST SP-800-37, SP-800-53 Rev 4, DoD Instruction 8510.01, and NAVSEA Business Rules.
- Conduct systems security reviews, audits, and evaluations to ensure accreditation documents accurately represent current risk posture.
- Monitor and assess impacts from observed cybersecurity risks and report via the Cybersecurity Program chain of command.
- Perform evaluation of system administrator and security engineer proposed corrections to ensure compliance.
- Test systems to verify adequate functionality for mission and project requirements.
- Support Information Assurance Vulnerability Management (IAVM) activities including remediation, patching, and scanning.
- Develop technical documentation including vulnerability assessments, risk assessments, and security compliance reports.
- Create and maintain system architecture diagrams, authorization boundary diagrams, and defense in depth diagrams.
- Present and submit data to management, develop comprehensive reports, and produce procedural documentation.
- Prepare security-related deliverables in accordance with contract CDRLs and government requirements.
- Provide expert subject matter knowledge of Windows operating systems (Windows 11, 10, 7, XP, 2000, CE 6.0) and Red Hat Enterprise Linux.
- Apply system configuration changes and software application updates as required by automated security assessment tools.
- Identify, present, and implement improvements to operating system configuration settings to maintain secure operations.
- Develop and enhance operating procedures, process guides, and system-level RMF Control Family Plans.
- Ensure all security requirements and controls…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).