Solidus is searching for an ISSO Specialist.
The successful candidate will prepare for and participate in periodic organization compliance assessments at a prestigious research facility. Additionally, they will assist and support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs). The successful candidate will be knowledgeable in computer security principles and policies.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
- Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
- Track audit findings and recommendations to ensure that appropriate mitigation actions are taken. Recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements.
- Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to key stake holders
- Recognize a possible security violation and take appropriate action to report the incident, as required.
- Assist the Program Managers and the Information System Security Manager (ISSM) in the development and maintenance of System Security Plans (SSP) and associated artifacts such as the Plan of Action & Milestones (POA&M), Risk Assessment Report, and Continuous Monitoring Strategy
- Ensure systems are operated, maintained, and disposed of in accordance with organization security policies and procedures
- Conduct network, system, and application vulnerability scanning, configuration assessment, and remediation
- Lead and align information technology (IT) security priorities with the security strategy.
- Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
- ship and an Active Secret, TS/SCI with Poly preferred
- BS +4 years of experience
- 4+ years of experience System Auditing
- 4+ years of experience Regulatory & Compliance
- 4+ years of experience with the following Security protocols:
* DISA STIGs/SCAP
* Security - Assessing Security Controls (CS105.16)
* Assessment and Authorization
* Authorizing Systems (CS106.16)
* Categorization of the System (CS102.16)
* Continuous Monitoring (CS200.16)
* Implementation of Controls (CS104.16)
* Monitoring Security Controls (CS107.16)
* NIST 800-53
* NIST SP 800-37
* Risk Management Framework (RMF)
* Selecting Security Controls (CS103.16)
- Ability to respond to off-hours emergencies
- Requires occasional local and overnight travel
- Experience with the following Security protocols:
* National Industrial Security Program Operating Manual (NISPOM)
* Joint SAP Implementation Guide (JSIG)
* Intelligence Community Directive (ICD) 503
* DoD Manual 5205.07 Volumes 1- 4
Req ID - 4008
Applicants selected must meet eligibility requirements for access to classified information. U.S. Citizenship may be required. Solidus is an Equal Opportunity Employer and participates in E-Verify. NOTICE OF AFFIRMATIVE ACTION PLAN FOR INDIVIDUALS WITH DISABILITIES, DISABLED VETERANS AND OTHER PROTECTED VETERANS. It is the policy of this Company to seek and employ qualified individuals at all locations and facilities, and to provide equal employment opportunities for all applicants and employees in recruiting, hiring, placement, training, compensation, insurance, benefits, promotion, transfer, and termination. To achieve this, we are dedicated to taking affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, and other protected veterans. The objective in adopting the Affirmative Action Programs is to place qualified individuals with disabilities, disabled veterans and other protected veterans in all job classifications. These Affirmative Action Programs are available for inspection by any applicant or employee by contacting the Company's EEO Coordinator, in the Human Resources office, Monday through Friday, 8am to 5pm.
Please Note: Solidus does not accept applications from agencies, 3rd party vendors, or applications with incomplete information.