Information Systems Security Officer

GDIT is your place. Make it your own by discovering new ways to apply the latest technology securely and expertly. Own your opportunity at GDIT and you’ll be a meaningful part of improving how agencies operate. Our work depends on an Information Systems Security Engineer joining our team.

At GDIT, we foster a people-centric environment. As an Information Systems Security Officer, you will be responsible for capturing and refining information security requirements and ensuring their integration into information technology component products and information systems through purposeful security design or configuration. You will work closely with other project managers and various software engineering, infrastructure, and technical operations teams to assess requirements, coordinate resources, and deliver information security updates for the customer.

The ideal candidate will have experience performing industry-standard ISSO tasks, as well as experience in tailoring standard process lifecycles to function effectively in a small, fast-paced environment. S/he must have strong written and verbal individual and organizational communication skills and the ability to articulate technical project requirements to both customers and internal teams.

KEY RESPONSIBILITIES

• Participating in high-level enterprise architecture analysis, evaluation, design, integration, documentation, and development to include security control design and security package documentation.

• Understanding, implementing, documenting, communicating, and assessing NIST 800-53 security controls

• Documenting security control implementations and the respective systems, applications, tools, devices, etc. that are part of the comprehensive solution.

• Identifying the artifacts that demonstrate security controls are implemented as documented.

• Analyzing security controls and the impact major and/or significant changes would introduce to the environment.

• Researching remediation options for findings or vulnerabilities identified for security controls.

• Assessing and/or authorizing systems in accordance with the Risk Management Framework (RMF).

• Applying high-level business and technical principles and methods to very difficult technical problems to arrive at creative information

• Recommending, taking action, and documenting the solution to direct the analysis of IA/security control-related issues.

• Supporting the IA functions and related security controls for the services deployed above the hypervisor to customers in the DOD on-premise and cloud based offerings.

• Consulting with customers in the DOD on-premise and cloud based offers on authorizing their systems through DOD RMF.

 EDUCATION AND EXPERIENCE

• Bachelor’s degree in a related business or technical discipline (Systems Security Engineering, Software Engineering, or Computer Science, etc.), or the equivalent combination of education, technical training, or work/military experience.

REQUIRED QUALIFICATIONS

• 5+ years or relevant experience.

• Ability to work closely with stakeholders, developers, and external teams including customer security managers (ISSMs), organizational leadership, and key personnel.

• Identify requirements for documentation associated with system categorization, the System Security Plan, and systems risk assessment as required under NIST 800-53/53A.

• Previous experience completing customer Assessment and Authorization (A&A) process from start to end.

• Demonstrated on-the-job experience with RMF implementation and tracking tools like Enterprise Mission Assurance Support Service (eMASS).

• Assess system compliance with NIST requirements, identifying weaknesses and evaluating planned remedial actions based upon those requirements.

• Support control implementation assessment and reporting and monitoring processes using cyber security and assessment management systems.

• Understanding of perimeter controls (firewalls), access control mechanisms, and network architectures.

• Strong understanding of methodologies for researching and documenting software and hardware vulnerabilities.

• Skilled in cross-team collaboration and effective communication to fulfill specific accreditation requirements.

• Strong verbal and written communication/cooperation within a team context.

• Ability to work within fast-paced customer environments.

• Demonstrated skill documenting processes and procedures in CONOPS, system security, contingency, configuration management and other plans.

• Demonstrated ability to facilitate customer concurrences required for risk-based decisions requiring waivers.

• Experience assisting the customer with decisions impacting the security posture and compliance of their systems and networks with requirements as documented in NIST 800-53 and its revisions.

• Excellent verbal and written communication skills.

• Experience with Microsoft Office tools like PowerPoint, Word, Excel, etc.

• Secret Clearance with ability to obtain Top Secret.

• DoD 8570.01 IAM Lvl III certification.

• Onsite work location in Colorado Springs, Miami, or El Segundo.

• Travel required.

 DESIRED QUALIFICATIONS

• Certified Information Systems Security Professional (CISSP) or DoD 8570.01-M IAM Lvl II certification.

• Demonstrated on-the-job experience with Jira Software for planning and tracking projects.

• Knowledge of the US Military, their network systems and infrastructure, processes and procedures, and request and approval tools.

• Skilled with and/or demonstrated technical aptitude with vulnerability and risk assessment tools such as Elasticsearch or Splunk SIEMs, ACAS (Nessus), and ESS (HBSS).

WHAT GDIT CAN OFFER YOU:

• Full-flex work week.

• 401K with company match.

• Internal mobility team dedicated to helping you own your career.

• Collaborative teams of highly motivated critical thinkers and innovators.

• Ability to make a real impact on the world around you.