Information System Security Engineer ISSE II

We are an employee-centric company that truly appreciates our team members and their value to our customers and the missions they support. We pride ourselves on being forward-leaning thinkers and fostering teams that are and continue to be technically proficient and technically capable across a comprehensive range of cyber mission areas. OneZero full-time employees receive an extremely competitive benefits package that includes health/dental/vision/life insurance plans 401K with company matching PTO & paid holidays employee referral program and educational assistance. Additional details can be found on our website at: Title: ISSE II

Clearance: Secret

Location: Philadelphia PA with Travel to Keyport Fl and San Diego

Job Summary:

This position will work with OneZero Solutions to support the Naval Surface Warfare Center Philadelphia Division (NSWCPD). The NSWCPD is a Department of Defense entity responsible for research and development test and evaluation engineering and fleet support organization for the Navys ships submarines military watercraft and unmanned vehicles. This requirement is for NSWCPD Code 104 which is responsible for Information Technology Operations Division of NSWCPDs Research Development Test & Evaluation (RDT&E) and Business Systems cybersecurity and information assurance support.

The ISSE II will provide cybersecurity support to the NSWCPD Information Technology Operations Division (Code 104) focusing on the development maintenance and tracking of Risk Management Framework (RMF) system security plans and ensuring compliance with Department of Defense (DoD) and Navy cybersecurity requirements. The role supports a variety of Navy networks and systems including RDT&E NMCI CTF and closed enclave networks.

Education and Experience:

• Bachelors Degree in computer science information technology or an equivalent technical degree from an accredited college or university.
• Three (3) years professional experience capturing and refining information security operational and security requirements and ensuring those requirements are properly addressed through purposeful development and configuration; and implementing security controls configuration changes software/hardware updates/patches vulnerability scanning and securing configurations.
• Minimum certification requirement: CCNA-Security CySA GICSP GSEC Security CE CND SSCP.

Essential Duties:

Assist in developing maintaining and tracking RMF system security plans including:

• System Categorization Forms
• Platform Information Technology (PIT) Determination Checklists
• Assess Only (AO) Determination Checklists
• Implementation Plans
• System Level Continuous Monitoring (SLCM) Strategies
• System Level Policies Hardware/Software Lists System Diagrams Privacy Impact Assessments (PIA) and Plans of Action and Milestones (POA&M)

• Execute the RMF process to support Interim Authority to Test (IATT) Authorization to Operate (ATO) and Denial of Authorization to Operate (DATO)
• Identify and tailor IT and Cybersecurity control baselines based on RMF guidelines
• Perform Ports Protocols and Services Management (PPSM)
• Conduct IT and Cybersecurity vulnerability-level risk assessments
• Execute security control testing as required by risk assessments or annual security reviews
• Mitigate and remediate system-level vulnerabilities per STIG requirements
• Develop and maintain POA&Ms in Enterprise Mission Assurance Support Service (eMASS)
• Develop and maintain system-level IT and Cybersecurity policies and procedures
• Implement and assess STIGs and SRGs
• Perform vulnerability assessments using automated tools (e.g. ACAS SCAP SCC)
• Deploy security updates and patches to Information System components
• Conduct routine audits and maintain inventory of IT system hardware and software
• Participate in IT change control and configuration management processes
• Upload vulnerability data in Vulnerability Remediation Asset Manager (VRAM)
• Image/re-image assets and install/troubleshoot software to support compliance
• Assist with removal of critical components (SSD/HDD) prior to asset destruction
• Provide cybersecurity patching in response to DoD/DoN TASKORDs FRAGORDs or as required by management
• Support configuration change documentation and maintain DoD STIG compliance
• Support cyber compliance for enterprise IT network assets (Windows server CISCO hardware)
• Report compliance issues to management to avoid operational loss

Knowledge Skill and Abilities:

• Compliance with all NSWCPD DoD and Navy policies procedures and regulations
• Ability to work independently and as part of a cross-functional team
• Strong communication skills for reporting documentation and stakeholder engagement.

OneZero Solutions LLC is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin age pregnancy genetic information disability status as a protected veteran or any other protected category under applicable federal state and local laws.

To request an accommodation please contact us at or call .