logo

View all jobs

Sr. Information System Security Officer

Annapolis Junction, MD
Why Work at SI?
Secure Innovations (SI) successfully and continuously strives to become experts in the Cybersecurity field by only focusing on Cyber!  Because of this, we proudly stand behind our motto, "We're Not Standard Cyber. We're the Cyber Standard."

SI was built on the principle that people matter first and foremost.  Our focus is on PEOPLE - our employees and our customers.  SI believes in providing a strong work/life balance by investing in our employees and encouraging professional and personal growth.  We do this by offering exceptional benefits, flexible schedules, and the tools necessary to achieve success through paid training, mentoring, and the opportunity to work alongside top-notch security professionals.

Qualifications:
15 years related experience - preferred experience with knowledge of current security tools, hardware software security implementation; communication protocols; and encryption techniques/tools. 

B.S. Degree & DoD 8570 compliance with IAM Level I or higher is required.

*Active government clearance is required*

Position Description:
  • Provides support for a program, organization, system, or enclave's information assurance program. 
  • Provide support to senior ISSO's for implementing, and enforcing information systems security policies, standards, and methodologies 
  • Develop and maintain documentation for C&A in accordance with ODNI and DoD policies 
  • Develop and update the system security plan and other IA documentation 
  • Provide CM for security-relevant information system software, hardware, and firmware 
  • Assist with the management of security aspects of the information system and perform day-to day security operations of the system 
  • Interact with customers, IT staff, and high-level corporate officers to define and achieve required IA objectives 
  • Provide daily oversight and direction to contractor ISSO's as needed
The day-to-day activities can include:
  • Reviewing system log files for anomalous activity (splunk, enterprise monitoring tools)
  • Reviewing published vulnerability alerts, creating Plans of action and milestones for relevant alerts; tracking completion and closing alerts
  • Reviewing progress toward meeting enterprise security initiative and following up with system administrators
  • Starting new systems in the Risk Management Framework
  • Hardware/software addition or removal from the relevant documentation
  • Reviewing software, application, firewall rules, and local security policy modifications
  • Completing vulnerability scans if necessary
  • Reviewing applications for listening services, ports, and protocols; Reviewing system function and data architecture/flow
  • Documenting security relevant changes requiring escalation to approving officials
  • Conducting Privacy Impact Assessments for systems containing privacy information
  • Completing security reauthorization checklists
  • Work with security control assessors and authorizing officials to address concerns found during testing
  • Creating, reviewing, updating relevant documentation (CM plan, privileged user guide, security control traceability matrix, controls implementation, disaster recovery plans, self-testing  
  • Completing decommissioning checklists for systems being retired
Powered by