Information Systems Security Engineer (Active DOD Clearance) at NavAide

Job Summary:

Seeking a highly motivated and experienced DoD/DoN Information Systems Security Engineer (ISSE). The ideal candidate is an information systems security professional and an independent ‘self-starter’ who has experience in management of a DoD/DoN IT system RMF package, development, maintenance, and sustainment.

The ISSE is a key member of the Cybersecurity/IA team and works closely with our customers across functional teams to provide and review compliance assessments, as well as help engineer secure solutions in accordance with Navy, DoD, and other federal regulations. ISSE is well-organized and is very familiar with the DoD’s information security operating environment and will lead a small team’s effort to deliver Information Security, Systems Integration, and Systems Engineering consulting and technical services in support of maintaining the clients Contract Writing suite of applications (ACE-C).

The ISSE will coordinate with team members and clients to engage with the Navy IA community (e.g., Navy Qualified Validators, ISSO, IAM), Navy Data Center and DBA teams to troubleshoot and resolve issues impacting security posture and the functionality of the 3 subsystems that make up the ACE-C suite.

This is an exciting opportunity to contribute to the success of a dynamic organization within the defense industry.

Responsibilities & Duties:

Information Systems Security Engineer/ Senior IA Analyst

• Plan, schedule and facilitate completion of accreditation package(s)
• Provide management oversight, reporting and resource coordination in support of accreditation activities.
• Deep understanding of how to tailor security implementation based on mission and threats.
• Knowledge of security and IT general controls for application development and management
• Create, review and edit Plan of Action and Milestone (POA&M) entries for all identified Program Owned Findings
• Coordinate with Local IA Manager (ISSM) and responsible system administrators for remediation of IA issues resulting from Security Test and Evaluation (ST&E) and findings.
• Participate in all RMF/A&A conferences and stay up to date on the latest information on changes to RMF procedures.
• Perform Security Control Testing in accordance with NIST 800-53 Rev 5, as well as other DoD guidelines as suggested within the RMF Process Guide
• Proven ability to create and maintain effective documentation, including system/program policies, processes, and procedures documented as Artifacts.
• Maintain data within various platforms (e.g., eMASS, SharePoint, Teams)
• Attend Cybersecurity/IA, and Assessment and Authorization (A&A) meetings as required; maintain and deliver the A&A Collaboration meeting minutes to the client.
• Provide Navy Systems Engineering and cybersecurity recommendations.
• Plan for, oversee, and perform emergency preparedness activities to include continuity of operation and disaster recovery (COOP/DR)
• Review compliance with current Cybersecurity policy, regulations, and directives to ensure secure configuration and operation of all operated and maintained IT assets, recommending corrective actions as required Support the change control process and facilitate the Change Control Board (CCB)
• Provide IA support to include, but not limited to, continuous monitoring, ongoing ACE-C IA maintenance and Financial Improvement and Audit Readiness Program Support
• Manage Certification and Authorization timelines, Information Assurance, and policies.

Program Management – IT Systems Engineering and Integration

• Oversee a small team of DBAs who provide Systems Engineering, Systems Integration, and Systems Admin support for the 3 ACE-C applications (PD2, ECC, WebX)
• Engage with and manage ACE related tickets/interactions with Navy Data Center
• Liaise between Navy Data Center and software vendors to schedule and support issue resolution tied to hosting requirements, application upgrades, and systems performance.
• Gather information, identify issues, provide recommendations and draft documentation to achieve overall goals for maintaining ACE-C security posture.
• Draft, update, and/or review ACE-C Program documentation (e.g., reports, briefs, spreadsheets, etc.) and graphics as requested.
• Maintain ACE-C Program documentation in accordance with RMF requirements to include coordinating and performing required updates at or before the required due dates.
• Provide configuration and data management of all documentation.
• Manage annual software product licensing cost/budget.
• Coordinate front end development scheduling and interface dependencies.
• Lead/support the sunsetting of ACE-C applications as the client’s transition into new tools (e.g., WebX migration to ECF)

Qualifications

• 8+ years practical experience in a DoD or DoN Information Assurance (IA) or Certification & Accreditation (C&A) related field
• Knowledge of DoD and Navy IA and Information Systems Security processes, regulations, and tools location and utilization (e.g., Stig Viewer, eMASSter Tool etc.)
• Experienced in eMASS, vRAM, DADMS/DITPR-DoN and other Navy/DoD repository websites.
• Bachelor's degree in a relevant field (e.g., Business Administration, Project Management, Information Systems) is required. Years of Experience can suffice.
• Information Assurance Management (IAM) Level I or Information Assurance Technical (IAT) Level II certification, as outlined by DoD 8570
  • Certified Information Systems Security Professional (CISSP)
• CompTIA Security Plus (Required)
• Experience working with and leading small teams to achieve Information Systems Security requirements.
• Excellent critical thinking and problem-solving abilities, with a keen attention to detail
• Exceptional organizational and time management skills, with the ability to prioritize and manage multiple initiatives simultaneously.
• Excellent written and verbal communication skills, with the ability to effectively communicate complex concepts to diverse audiences.
• Strong interpersonal skills, with the ability to build and maintain relationships with stakeholders at all levels.
• Self-starter with the ability to work independently and take ownership of initiatives with minimal supervision.
• Strong background and knowledge of Use Case scenarios and execution of the workflows required to complete processes.
• Develop Memorandum for Records (MFR) documenting system changes, workflow completion and other processes that require notifications.

About NavAide: NavAide is a rapidly growing consulting group of highly skilled and motivated industry experts with decades of experience in legacy system modernization, business process reengineering, policy and audit support. We leverage cutting edge technology and proven deployment methodologies to help our clients face challenges and navigate complex transitions. For more about us please check out the following links.

• About NavAide - https://navaide.com/about-us
• Other Opportunities - https://navaide.com/jobs
• Employee Benefits - https://navaide.com/careers
• Connect with us on LinkedIn! - https://www.linkedin.com/company/navaide

NavAide is an EEO Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

We participate in E-Verify. Click below to learn more:

• E-Verify Participation Poster
• IER Right to Work Poster