Job Title: ISSE/ISSO
Overview:
EverWatch is a government solutions company providing advanced defense, intelligence, and deployed support to our country’s most critical missions. We are a full-service government solutions company. Harnessing the most advanced technology and solutions, we strengthen defenses and control environments to preserve continuity and ensure mission success.
ACES, an EverWatch company, specializes in intelligence analysis, information technology, and engineering services. We are a full-service government solutions company. We tackle the hardest challenges to ensure that national defenses are strengthened and the continuity of control environments is preserved.
ACES employees are focused on tackling the most difficult challenges of the US Government. We offer the best salaries and benefits packages in our industry - to identify and retain the top talent in support of our critical mission objectives.
Clearance: Positions require a Top Secret security clearance, based on current background investigation (SBI), as well as the favorable completion of polygraph. Clearance and polygraph processing will be completed by the U.S. Government.
ACES is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age (40 or older), disability, genetic information, citizenship or immigration status, and veteran status or any other factor prohibited by applicable law.
Prospective and/or new employees will be required to adhere to EverWatch’s vaccination policy. All EverWatch employees must be fully vaccinated, and they must submit proof of vaccination on their first day of employment. Prospective or new employees may seek an exemption to the vaccination requirement at vaccinestatus@everwatchsolutions.com and must have an approved exemption prior to the start of their employment. Customer site vaccination requirements, if stricter, will take precedence over EverWatch’s vaccination policy.
Responsibilities:
In this role you will:
- Implement the Risk Management Framework (RMF) process.
- Define and analyze cyber security requirements, and recommend information assurance/security solutions to support customers’ requirements for boundary defense systems.
- Design, develop, engineer, and integrate solutions per cyber security requirements.
- Apply knowledge of IT Governance requirements, risk mitigation strategies, and encryption and decryption capabilities to establish secure solutions.
- Conduct Cyber Security Planning and Scheduling.
- Conduct security audits and vulnerability scans to recognize system vulnerabilities.
- Perform and review technical security assessments of computing environments to identify points of vulnerability and non-compliance with established cybersecurity standards and regulations, and recommend mitigation strategies to maintain operational security posture for the boundary systems.
- Utilize eMASS and keep documentation/artifacts up to date for each boundary system.
- Develop/update POA&Ms and perform vulnerability tracking to ensure all ATO conditions are met (e.g., security control identification/mapping).
- Ensure all CCRI findings are met (fixed or POA&M’d).
- Review STIGs, upload STIG checklist/.csv files for each system asset into eMASS.
- Work with Engineering team to develop and keep current all system-level documentation.
- Provide updated self-assessments and Continuous Monitoring and Risk Scoring (CMRS) reporting.
- Review PKI plans, strategizing how to integrate systems in operational network environments.
- Send risk acceptance requests to ISSM to be pushed to Authorizing Official (AO).
- Work with the SCA-R to ensure validation of all unofficial eMASS controls. Within 30 days of authorization and every 30 days thereafter, assess, provide compelling evidence for, and submit 30 non-compliant controls for validation.
Qualifications:
Must be proficient in and have vast knowledge of:
- Analyzing raw ACAS scan data (.csv files).
- Working with engineers to ensure vulnerabilities are addressed within 30 days of their discovery date and tracking vulnerabilities until closure (POA&M, patching, etc.).
- Interpreting FRAGOs, OPORDs, DTOs and CTOs.
- Monitoring POA&Ms and ensuring they are properly documented and closed (only extended if necessary).
- Updating essential system documentation for each ATO package as needed to address Non-Compliant Controls.
- Reviewing applicable STIGs and working with Engineers to apply the STIG remediation.
- Reviewing and addressing security controls and providing necessary artifacts to ensure their compliance.
- Experience with Privacy Impact Assessments (PIA) and updating the required PIA documentation.
- Experience in mapping security controls within eMASS and addressing controls that are related to STIGs (so that there are no conflicting controls).
Required Qualifications:
- 4 - 7 years of ISSO/ISSE
- IAT II Certification (CISSP, CAP, Sec+, CCNA Sec, CySA+, GSEC, SSCP, etc.)
Clearance Level: TS/SCI
Job Locations: US-MD-Annapolis Junction
Skills: PKI, Risk Management, Analytics, Information Assurance, ISSE, ISSO, Cybersecurity, ATO, CISSP, IAT Level2