Key Facts

Remote From:

Full time

Mid-level (2-5 years)

English

Hard Skills

NIST 800 Risk Management Emarsys Project Implementation System Monitoring Standard Operating Procedure Patch Management Security Content Automation Protocol Vulnerability Management Package Management Systems +12 more

Other Skills

•
Collaboration
•
Communication
•
Teamwork
•
Analytical Thinking
•
Detail Oriented

Roles & Responsibilities

Bachelor's degree in Computer Science, Information Technology, Information Assurance, CyberSecurity, or an equivalent technical degree from an accredited college or university
Three (3) years or more of direct experience performing ISSO/ISSE duties within a DoD component
Minimum certification: CGRC, SecurityX, CISM, CISSP, GSLC, CCISO, CCNA/CCNP Security, CySA+, GICSP, CND, GSEC, Security+ CE, SSCP, CISA, GCED, or GCIH
U.S. Citizenship and active government security clearance

Requirements:

Maintain AO approvals and ATOs by performing Continuous Monitoring (CM) activities IAW DoD, Navy, and NAVSEA policy, guidelines, and directives
Assess, document, and review NIST SP 800-53 security controls IAW DoD, Navy, and NAVSEA policy, guidelines, and directives
Perform automated vulnerability assessments utilizing DoD, Navy, and NAVSEA approved tools such as ACAS, SCAP, Evaluate-Stig, and eMASSter
Manage RMF system packages and the required AA artifacts in eMASS, and develop/maintain Plans of Action and Milestones (POAMs) for systems in eMASS

Ishpi Information Technologies, Inc. (DBA ISHPI)

About Ishpi Information Technologies, Inc. (DBA ISHPI)

ISHPI works in concert with other defenders of the Homeland to fortify national preparedness, agility, strength and advantage in the cyber domain – a readiness state we refer to as an Holistic CyberStance™. Using our integrated Holistic™ service solutions fortified with CyberSmithed™ and ActiveDefense™ processes, we weave the armor and forge the weapons that enable our clients to maintain a dominating Holistic CyberStance™ – always ready to Anticipate, Defend, Exploit and Attack in the Cyber domain. Our Information Operations, Advanced Information Services, C5ISR Engineering & Technical Services, and Training & Consulting business units work in unison to provide experienced people, proven processes, technology, advice and leadership to enable full spectrum Cyber capability. ISHPI was born a cyber-services company supporting U.S. Armed Forces personnel and other direct defenders of the homeland with a heavy focus on emerging asymmetric Information Operations. Our focus on cyber related services has held steady while our client base and functional capabilities expanded exponentially to envelop essentially all cyber impacted components of modern warfare. Philosophically, our approach to cyber surety has evolved to become Holistic in nature, based on a firm conviction that cyber activities are never truly secure unless every layer of the OSI model and every human input associated with the activity is Holistically engineered and integrated for cyber security. In 2014 ISHPI acquired Advanced Information Services Inc., a globally recognized leader in Software Development Quality and the winner of the 2013 Government Information Security Leadership Award for secure software lifecycle practices and the IEEE Computer Society Software Process Achievement Award. The acquisition added CMMI Maturity Level 5 Cyber-Secure Software Development to ISHPI’s Holistic CyberStance™ Strategy.

Founded: 2018

Company size: 201 - 500

LinkedIn See all jobs →

Job description

Overview:

Ishpi Information Technologies, Inc. (DBA ISHPI) is passionate about providing our customers with technical solutions that satisfy their business needs. Through collaborative interactions with customers, team members, subject matter experts (SMEs), technical leaders, and partners we design practical solutions that solve real problems for major government and business organizations. As a member of our group, you will work with a team focused on delivering innovative business solutions using emerging technologies through proven successful methods.

Responsibilities:

The ISSO/ISSE will provide Risk Management Framework (RMF) and cybersecurity support to Naval Surface Warfare Center, Philadelphia Division (NSWCPD) Code 418 Information Technology Operations. These duties include but are not limited to:

Maintain Authorizing Official (AO) Approvals and Authorizations to Operate (ATOs) by performing Continuous Monitoring (CM) activities IAW DoD, Navy, and NAVSEA policy, guidelines, and directives.
Assess, document, and review NIST SP 800-53 security controls IAW DoD, Navy, and NAVSEA policy, guidelines, and directives.
Perform automated vulnerability assessments utilizing DoD, Navy, and NAVSEA approved tools such as Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), Evaluate-Stig, and eMASSter.
Perform RMF Annual Security Reviews (ASRs) IAW the RMF Process Guide (RPG), NAVSEA Business Rules, and NAVSEA Standard Operating Procedures (SOPs).
Document, assess, and seek approval for system/baseline changes IAW Navy Authorizing Official (NAO) and Functional Authorizing Official (FAO) guides as documented in the NAVSEA Business Rules.
Manage and maintain RMF system packages and the required A&A artifacts in Enterprise Mission Assurance Support Service (eMASS) IAW DoD, Navy, and NAVSEA policy, guidelines, and directives.
Perform System Level Continuous Monitor (SLCM) IAW approved System Security Plans (SSPs) in eMASS.
Develop and maintain Plans of Action and Milestones (POA&Ms) for systems in eMASS.
Develop and maintain project integrated master schedules for RMF projects.
Evaluate, remediate, and mitigate technical and non-technical vulnerabilities.
Provide cybersecurity patching of assets as required by DoD and DoN TASKORDs, FRAGORDs, or as designated by Command ISSM, ACIO, and/or Code 418 management.
Ensure correct application and implementation of DoD Security Technical Implementation Guides (STIGs) and Security Requirements Guide (SRGs).
Lead or assist with developing, maintaining, and tracking Risk Management Framework (RMF) system security plans to include System Categorization, Security Control Set, Platform Information Technology (PIT) Determination Checklists, Assess Only (AO) Determination Checklists, Implementation Plans, System Level Continuous Monitoring (SLCM) Strategies, System Level Policies, Hardware Lists, Software List, System Diagrams, Privacy Impact Assessments (PIA), and other package evidence or implementation guidance as required.

Qualifications:

Education: Bachelor’s degree in Computer Science, Information Technology, Information Assurance, CyberSecurity, or an equivalent technical degree from an accredited college or university.

Experience: Three (3) years or more of direct experience performing the above duties as an ISSO, ISSE, or Navy Qualified Validator (NQV) within a DoD component.

Minimum Certification Requirement includes one of the following: CGRC, SecurityX, CISM, CISSP, GSLC, CCISO, CCNA/CCNP Security, CySA+, GICSP, CND, GSEC, Security+ CE, SSCP, CISA, GCED, GCIH

Security Clearance: Requires U.S. Citizenship and an active government security clearance.

“Ishpi Information Technologies, Inc. is an Equal Opportunity Employer. All qualified candidates will be considered without regard to legally protected characteristics.

Pay Rate:
The annual base salary range for this position is $90,000 - $105,000. Please note that any salary information disclosed is a general guideline only. Ishpi considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/ training, key skills as well as market and business considerations when extending an offer.

Expression of Interest: By applying to this job, you are expressing interest in this position and could be considered for other career opportunities where similar skills and requirements have been identified as a match. Should this match be identified, you may be contacted for this and future openings.

*cj