Information System Security Officer - FANTASTIC CULTURE

HuntSource - El Segundo, CA (30+ days ago)


SUMMARY

**Candidate must currently hold an active TS/SCI Clearance**

The Information System Security Officer (ISSO) is a full-time, direct-hire position that ensures all classified and controlled systems under the company’s umbrella are in compliance with applicable federal regulations and defined security requirements. This person needs to have a Security-focused mindset and will provide extensive IA support, including auditing and patching classified systems, creating new and existing assessments and authorization packages, and designing new technical security controls.

COMPANY PROFILE

HuntSource is partnered with a technology and security-driven company that delivers high-performance space systems to large government entities such as NASA, DoD, NSA, and commercial space sponsors. They are a cultural haven for collaborative-minded professionals looking to sharpen their technical tools, learn new skills, and work in an environment truly upholding the “No Door” policy. Located 10 minutes south of LAX, this organization offers opportunities that very few of its competitors can bring to the table. They offer phenomenal benefits, stability, and career growth potential!

JOB DESCRIPTION

Primary Responsibilities

  • Serve as a coach to the data science team, working to help them grow their skills and careers while also adhering to and enforcing development standards across the team
  • Create new/manage existing assessment and authorization packages, ensuring authorization to operate (ATO) is obtained and maintained; this includes implementing security controls; certification testing (planning, writing procedures for, and conducting); facilitating 3rd party certification and penetration testing; addressing POAM (Plan of Action and Milestones) items, and; continually monitoring activities
  • Design and implement technical security controls for all new and existing systems
  • Involved in or leading the planning and execution of risk management activities including disaster recovery, incident response, continuity of operations, etc.
  • Ensure the requirements of government agencies and the owner/users of systems (Program Managers, Systems Engineers, Developer) are considered when ensuring system authorization packages
  • Participate in or lead computer forensic activities such as using tools and techniques for attack reconstruction, providing fix actions and recommendations, and root cause analysis
  • Provide administrative support for security policy development and maintenance

Qualifications

  • Active TS/SCI Clearance
  • 3+ years of directly related experience
  • Certification(s) and experience commensurate with Information Assurance Manager Level II (IAM Level II) as specified by DoD 8570.01-M or the ability to be compliant within six months of employment
  • Experience in classified environments such as DoD, SCI, SAP
  • Working knowledge of the Risk Management Framework (RMF) as provided by NIST Special Publication (SP) 800-37, controls provided in NIST SP 800-53, and assessments provided by NIST SP 800-53A, as well as derived policies, such as the Intelligence Community Directive Number 503 (ICD-503) or the Joint Special Access Program (SAP) Implementation Guide (JSIG)
  • Knowledgeable of and experience with completing and submitting assessment or accreditation and authorization packages
  • Able to audit and verify security controls as part of industry standard system hardening or in accordance with customer or government requirements
  • Excellent communication skills used to explain complex concepts with senior management, technical personnel, and external entities including senior representatives of the US Government and teammates
  • Ability to audit, perform vulnerability scanning, and continuously monitor mixed computer systems (Windows, Linux, other devices) using tools such as scripts, Tenable Nessus and Splunk
  • Preferred: experience with applications such as Active Directory, Exchange, and SharePoint
  • Preferred: Able to participate in or manage CIRT (Computer Incident Response Team) activities, including computer forensic analysis
  • Preferred: Able to analyze network traffic using firewalls, IDS, and other common security devices
  • Preferred: Familiarity with PKI (Public Key Infrastructure) and other authentication/encryption framework

Job Type: Full-time