Senior Information Systems Security Officer
Parsons
- Colorado Springs, CO
- $83,300-145,800 per year
- Permanent
- Full-time
- Collaborate with customers and interdisciplinary SAFe® Agile engineering teams to assess operational demands, break down requirements, and formulate cybersecurity functional requirements; support agile development to enhance security posture, focusing on mission compliance within a SAFe® framework.
- Employ the Risk Management Framework (RMF) to secure and maintain Authorization to Operate (ATO), Interim Authorization to Test (IATT), and Authority to Connect (ATC) for all accredited information systems, encompassing both on-premise and cloud platforms.
- Develop and maintain System Security Plans (SSP), Security Controls Traceability Matrices (SCTM), Risk Assessment Reports (RAR), Continuous Monitoring Plans (ConMon), Security Assessment Reports (SAR), and Plans of Actions and Milestones (POA&M).
- Develop and update documentation, policies, and procedures, including Ports, Protocols, and Services Management (PPSM) worksheets, system and network diagrams/descriptions, and Standard Operating Procedures (SOPs).
- Coordinate and conduct security audits and system updates to detect nonstandard events and ensure the integrity of systems and information.
- Play an active role in conducting continuous monitoring activities on Accredited Information Systems (AIS) and their environment of operation, to include developing and updating the system artifacts and managing and controlling changes to the system.
- Conduct security impact analysis activities and report to the ISSM on all configuration management changes to the authorization boundaries.
- Report Cyber incidents or vulnerabilities to the government chain of command and then, as required, to the assigned ISSM.
- Strong ability to produce and maintain varied technical documentation.
- Active Top-Secret Clearance with SCI eligibility
- BS degree in Cybersecurity/Computer Science/Engineering or other relevant field from an accredited university with minimum 5 years of experience
- MS degree in Cybersecurity/Computer Science/Engineering or other relevant field from an accredited university with minimum 3 years of experience.
- Must have IAT Level III or IAM Level III certification. DoD 8570.01/8140.03 Certification: CISSP, CISA, CISM, CASP+
- Broad knowledge of computer networking concepts and protocols, and network security methodologies
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
- Broad knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
- Experience in reviewing and implementing secure configuration management techniques (e.g., Security Technical Implementation Guides (STIGs)).
- Broad knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
- Practical experience in guiding systems through NIST SP 800-37 RMF steps, from Prepare to Monitor, using CNSSI 1253 to ascertain appropriate Confidentiality, Integrity, and Availability levels, and the NIST SP 800-53 controls associated with each level.
- Experience with Enterprise Mission Assurance Support Service (eMASS) and Xacta.
- Familiarity using STIG Viewer.
- Familiarity with ACAS, ELK, Splunk or other monitoring tools.
- Additional certifications (preferred, not required): ISC2 Certified in Governance, Risk and Compliance (CGRC).
- Familiarity with Space or Weapons system development, sustainment, and security operations