VTG Defense
Information Systems Security Engineer (ISSE)
VTG Defense, Joint Base Pearl Harbor Hickam, Hawaii, United States,
Overview
VTG is seeking an Information Systems Security Engineer in Pearl Harbor, Hawaii. This role includes development of policy letters, network and data flow diagrams, review and documentation of assesment results (ACAS Scans, STIGS, NIST 800-53 Rev 5) and Enterprise Mission Assurance Suport Service (eMASS) Plan of Action and Milestones (POAM) updates towards achieving full Authorization to Operate (ATO).This role is 100% onsite.What will you do?
The ISSE will support all six steps of the Risk Management Framework (RMF) processes:Categorize System. Participate in the system categorization and maintain the formal decision document as a part of the CNRH 3SPN v2 System's Authorization package. Identify and document all hardware and software within the system architecture using the format/template on eMASS. Draft and/or update system architecture and data flow diagrams. Ensure that all IA enabled devices and application are DON Application and Database Management System (DADMS) approved.
Select Security Controls. Tailor system security control, identify any common controls and overlays in eMASS. Identify and justify any control output from categorization that are Not Applicable. Develop policy letters for individual NIST 800-53 control family; ensuring appropriate Control Correlation Identifier (CCI) are appropriately documented. Develop Security Assessment Plan; identifying applicable test tools (ie DISA STIGs) required to properly assess system. Identify, document and register system Ports, Protocols and Services (PPS) used within the system.Implement Security Controls.Execute the Security Assessment Plan (SAP); completing applicable STIGs, performing vulnerability scans and documenting results. Complete NIST 800-53 Assessment Procedures within eMASS and documenting any non-compliant test results and Assessment Procedures on the POAM in eMASS. Ensure traceability throughout the system eMASS records are completed and ready for the Security Control Assessment in Step 4.Assess Security Controls. Support the Independent Validation and Verification (IV&V) test event. Addressing immediate feedback and response to questions related to system test results, control assessment, policy documentation, etc.Authorize System. Validate all required artifacts in the Information
System Security Manager / Engineer (ISSM / ISSE) assembled Security Assessment Package are current and representative of the systems being presented for AO adjudication.Provide a formal written recommendation within the Security Assessment Report to the AO for review and final acceptance Monitor Security Controls.Evaluate Continuous Monitoring (ConMon) Plans and shall participate in Operational Assessments.Prepare materials for, and participate in, weekly and/or adhoc meetings.Do you have what it takes?
Must possess a final/active SECRET clearance.Current Sec+ or CISSPAt least five (5) years providing cybersecurity services using Risk Management Framework (RMF).At least five (5) years' experience with the DoD authoritative Enterprise Mission Assurance Support Service (eMASS).At least five (5) years supporting Independent Validation and Verification (IV&V) test events.At least five (5) years providing validation of required artifacts in the Information System Security Manager/Engineer (ISSM/ISSE) Security Assessment Package.Desired:Five (5) years providing cybersecurity services throughout the cybersecurity lifecycle process.Five (5) years' experience with Shore Sensor System Platform Network (3SPN) v1.Five (5) years' experience with Virtual Perimeter Monitoring System (VPMS).Five (5) years' experience with Navy Access Control Systems (NACS).This is a Military Friendly job opportunityThis role is contengent upon contract award.Pay Range: VTG's estimated starting pay range is $95,000-134,000, which is a general guideline for the geographic location. When extending an offer, VTG also considers work experience, education, skill level, market considerations and may possibly include contractual requirements which may cause an offer to fall outside of this range.
VTG is seeking an Information Systems Security Engineer in Pearl Harbor, Hawaii. This role includes development of policy letters, network and data flow diagrams, review and documentation of assesment results (ACAS Scans, STIGS, NIST 800-53 Rev 5) and Enterprise Mission Assurance Suport Service (eMASS) Plan of Action and Milestones (POAM) updates towards achieving full Authorization to Operate (ATO).This role is 100% onsite.What will you do?
The ISSE will support all six steps of the Risk Management Framework (RMF) processes:Categorize System. Participate in the system categorization and maintain the formal decision document as a part of the CNRH 3SPN v2 System's Authorization package. Identify and document all hardware and software within the system architecture using the format/template on eMASS. Draft and/or update system architecture and data flow diagrams. Ensure that all IA enabled devices and application are DON Application and Database Management System (DADMS) approved.
Select Security Controls. Tailor system security control, identify any common controls and overlays in eMASS. Identify and justify any control output from categorization that are Not Applicable. Develop policy letters for individual NIST 800-53 control family; ensuring appropriate Control Correlation Identifier (CCI) are appropriately documented. Develop Security Assessment Plan; identifying applicable test tools (ie DISA STIGs) required to properly assess system. Identify, document and register system Ports, Protocols and Services (PPS) used within the system.Implement Security Controls.Execute the Security Assessment Plan (SAP); completing applicable STIGs, performing vulnerability scans and documenting results. Complete NIST 800-53 Assessment Procedures within eMASS and documenting any non-compliant test results and Assessment Procedures on the POAM in eMASS. Ensure traceability throughout the system eMASS records are completed and ready for the Security Control Assessment in Step 4.Assess Security Controls. Support the Independent Validation and Verification (IV&V) test event. Addressing immediate feedback and response to questions related to system test results, control assessment, policy documentation, etc.Authorize System. Validate all required artifacts in the Information
System Security Manager / Engineer (ISSM / ISSE) assembled Security Assessment Package are current and representative of the systems being presented for AO adjudication.Provide a formal written recommendation within the Security Assessment Report to the AO for review and final acceptance Monitor Security Controls.Evaluate Continuous Monitoring (ConMon) Plans and shall participate in Operational Assessments.Prepare materials for, and participate in, weekly and/or adhoc meetings.Do you have what it takes?
Must possess a final/active SECRET clearance.Current Sec+ or CISSPAt least five (5) years providing cybersecurity services using Risk Management Framework (RMF).At least five (5) years' experience with the DoD authoritative Enterprise Mission Assurance Support Service (eMASS).At least five (5) years supporting Independent Validation and Verification (IV&V) test events.At least five (5) years providing validation of required artifacts in the Information System Security Manager/Engineer (ISSM/ISSE) Security Assessment Package.Desired:Five (5) years providing cybersecurity services throughout the cybersecurity lifecycle process.Five (5) years' experience with Shore Sensor System Platform Network (3SPN) v1.Five (5) years' experience with Virtual Perimeter Monitoring System (VPMS).Five (5) years' experience with Navy Access Control Systems (NACS).This is a Military Friendly job opportunityThis role is contengent upon contract award.Pay Range: VTG's estimated starting pay range is $95,000-134,000, which is a general guideline for the geographic location. When extending an offer, VTG also considers work experience, education, skill level, market considerations and may possibly include contractual requirements which may cause an offer to fall outside of this range.