Information Systems Security Officer Junior

Sev1Tech is looking for a Junior-level Information Systems Security Officer (ISSO) who can assist in the preparation submission and monitoring of accreditation packages through the Risk Management Framework (RMF) process ensuring receipt of Interim Authority to Test (IATT) or Authority to Operate (ATO) in support of the Naval Supply Systems Command (NAVSUP) Ordnance Information System (OIS) program. The ISSO will assist in maintenance of current operating cybersecurity environment within AWS GovCloud operating environment.

The ISSO will apply their knowledge of DOD Cybersecurity processes and best practices used to secure technical solutions including applications systems architectures and infrastructures on-site in either Mechanicsburg PA or Yorktown VA.

If position filled in Yorktown VA travel to Mechanicsburg PA will be required for Program Increment planning sessions 2 times per year. Additional travel may be required for other meetings.

This critical role will also be responsible for working with the Cyber team leads to ensure the team meets customer requirements to include:

• Meeting and maintaining DOD RMF CYBER certification and accreditation requirements including researching testing and providing technical information for obtaining required system accreditation.
• Developing Security Requirements Traceability Matrix (STRM) aligning security requirements with the individual components of a system.
• Performing checks of systems and applications for Information Assurance vulnerabilities using approved automated IA tools (ACAS VRAM SCAP-compliant scanners DISA STIG Viewer etc.) custom scripts and manual processes (i.e. Security Technical Implementation Guides STIGS).
• Monitoring OIS security posture documenting raw findings in a quick look report for customer notification. Create and maintain system Plan of Action and Milestones (POA&Ms) of open vulnerabilities and applied mitigations utilizing Department of Defense Enterprise Mission Assurance Support Service (eMASS) tool.
• Supporting the development and documentation of risk assessment results and recommendations using identified threats applicable vulnerabilities and likelihood of occurrence within context of risk tolerances
• Monitor all database and application software used in OIS for version change control and nearing/exceeding last date allowed in the Department of Navy Application Database Management System (DADMS).
• Coordinating/interfacing with OIS Technical Team Defense Information Systems Agency (DISA) IA Staff and Fleet Cyber Command to document review revise and submit changes related to Ports Protocols and Services Management (PPSM) Access Control Lists (ACLs) and Whitelists. This support includes preparing and submitting the registration forms for new requirements.
• Supporting DOD IT Portfolio RepositoryDON (DITPR-DON) to support the annual review.
• Providing recommendations for corrective actions and mitigation strategies.
• Producing security risk assessment briefs and reports for delivery to stakeholders and senior management.
• Support the DevSecOps team in implementing Cyber Security requirements to achieve and maintain accreditation and authority to operate within specified timelines.
• Interpret OS web server and database scans to facilitate resolving security findings with the DevSecOps team and external teams
• Conducting security monitoring through the use of VRAM (Vulnerability Remediation Asset Manager) and applying mitigation techniques to reduce and remediate vulnerabilities
• Coordinating / troubleshooting with afloat platforms to assist in identification and remediation of cybersecurity vulnerabilities within the Program of Record (POR) area of responsibility
• Ensure systems are scanned patched and compliant with DoD policy
• Troubleshoot Windows and RHEL security policies
• Support with configurations including CloudWatch logs registering systems reporting and manage findings
• Assess systems to determine applicable IA controls based on design architecture and data
• Attend risk management and system meetings to provide status updates and take action items
• Other as needed

• Must have DOD Secret level clearance to start (T3 background investigation)
• Certification Requirement: Directive 8570.1/8140 IAM-1: Security
  • Allowable substitutes for Security include CAP CND Cloud GSLC HCISPP
• Bachelors degree with a minimum of 5 years of relevant experience. (4 years of additional experience in lieu of Bachelors degree is acceptable)
• Experience performing risk assessments and audits.
• Knowledge of the overall Risk Management Framework and NIST compliance as a security professional.
• Familiarity with Cyber Security policies and requirements
• Ability to work independently

• Experience performing risk assessments and audits.
• Knowledge of the overall Risk Management Framework and NIST compliance as a security professional.
• Familiarity with Cyber Security policies and requirements
• Ability to work independently

Welcome to Sev1Tech! Founded in 2010 we are proud to be a leading provider of IT modernization engineering and program management solutions. Our commitment is to deliver exceptional program and IT support services that empower critical missions for both Federal and Commercial clients.

At Sev1Tech our mission is clear: Build better companies. Enable better government. Protect our nation. Build better humans across the country. We believe that through innovation and dedication we can make a significant impact on the communities we serve.

Join the Sev1Tech family where your potential for greatness is limitless! Here you will not only achieve remarkable accomplishments but also enjoy a fulfilling and rewarding career progression. We invite you to explore opportunities with us and become part of a team that values your contributions and growth.

Ready to take the next step Apply directly through our website: Sev1Tech Careers and use the hashtag #joinSev1Tech to connect with us on social media!

For any additional questions or to submit referrals feel free to reach out to.