Join a fast growing agile small company that delivers cutting edge cybersecurity and system integration services to the US National Security market. We are seeking a motivated self-starter with experience in secure information systems to join a team of security professionals and help defend national security programs.


Security Clearance Requirements:
Active Top Secret / SCI Required

This position requires full-time on-site support. This is not a remote position.

Tau Six, an agile small company delivering cutting edge cybersecurity and systems integration services to the US National Security market, has an immediate need for a Senior Information System Security Officer (ISSO) for a Department of Defense customer. In this role you have the opportunity to work with a cross-functional team in multiple technical areas to include operations, engineering, security, and systems development to deliver secure solutions to our national security customers.

The Information Systems Security Officer (ISSO) ensures the appropriate operational security posture is maintained for specific information systems to include Wide Area Networks (WANs), Local Area Networks (LANs), Cross Domain Solutions (CDSs), and standalones; developing and updating system security plans; managing and controlling changes to specific systems and assessing the security impact of those changes; incident handling; and development of information system security documentation, policies, and procedures.

The ISSO is responsible for providing Risk Management Framework (RMF) products that document the information system’s adherence to the security controls applied. RMF products shall be delivered for information systems identified by the COR.

The ISSO is responsible for delivering annual Federal Information Security Modernization Act (FISMA) reports and metrics for information systems identified by the COR. The FISMA reporting requirements will be defined annually by the COR’s CIO and will focus on reporting the adequacy and effectiveness of the information security policies, procedures, and practices of the enterprise.

Responsibilities:

  • Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
  • Create and maintain existing information system security documentation, including SSP, SCTM, and Risk Management Framework (RMF) Body of Evidence
  • Ensure all users have the requisite security clearance, authorization, need-to-know, and are aware of their security responsibilities before being granted access to the system, and periodically thereafter
  • Write implementation and design documents describing how security features are implemented
  • Prepare system documentation for assessment in accordance with RMF and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions; track findings with Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance
  • Create security policies and maintain existing information system security documentation
  • Conduct periodic and continuous monitoring of the system to ensure compliance with the authorization package
  • Participate in the change management process, including reviewing Change Requests and assisting in the assessment of security impact of proposed changes
  • Conduct daily, weekly, and monthly audit review and management of the audit collection system for assigned systems, boundaries, and components
  • Continuously review and evaluate best practices for implementing a comprehensive audit program
  • Implement vulnerability management programs, including tracking and addressing IAVAs and security patches, accessing applicability to existing systems, and ensuring closure
  • Implement media control and data transfer policies
  • Provide direction and guidance to less experienced Cyber Security personnel
  • Remain sensitive to security infractions and assist in security investigations and responses as requested
  • Work on project teams responsible for engineering and packaging releases to integrate within the customer's production IT environment
  • Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage
  • Communicate well, both orally and in writing with both government and industry audiences

Qualifications:

  • Shall have 4 or more years of experience in Information Security (INFOSEC) operations and/or Cybersecurity-related support.
  • Graduated with a Associate's Degree (preferably in telecommunications, computer science, information systems management, electrical engineering, computer engineering or similar field of study) and 9+ years’ experience with information networks and related security concerns; or a Master's degree with 7+ years’ experience
  • Strong background and extensive experience with RMF, ICD 503, NIST SP800-53, JSIG or DJSIG; knowledge of current authorization practices, particularly within the DoD. Extensive background with DITSCAP/DIACAP may be substituted in some cases.
  • Some experience with security efforts related to modern Windows, Cloud computing, Linux, UNIX, Cisco, SQL or Oracle databases, and virtual computing. This might also include some system administration work with an emphasis on security control implementation.

Desired Qualifications:

  • 2 or more years of experience with the Risk Management Framework (RMF) within the Intelligence Community (IC), DoD, and/or Federal Systems community.
  • 1 or more years of experience with using Security Information and Event Management (SIEM) products.
  • 1 or more years of experience with using vulnerability scanning products.
  • OS/CE certificate for Windows 10 and Windows Server 2012/2016 or newer.
  • OS/CE certificate for Red Hat Enterprise Linux (RHEL).
  • DoD 8570.1 / DoD 8140.01 certification (IAT Level III, IAM level II ), CAP, CASP, CISSP, or CISM desired

Security Clearance Requirements: Active Top Secret / SCI Required