Information System Security Officer II

Fort Meade, MD
Reflexive Concepts is seeking a skilled Information System Security Officer II to join our team! The candidate will be responsible for security architecture and systems engineering supporting projects. The ISSO will provide guidance to the team to support system accreditation (IATT and ATO).  

ISSO tasks include:
  • Prepare system security plan (SSP) and provide recommendations to assist in obtaining ATOs.
  • Identify, develop (either directly, or in coordination with applicable experts), review and incorporate common artifacts found in an RMF accreditation package such as: system architecture and boundaries, hardware and software lists, risk assessment reports, POA&Ms, data flows, and other necessary system, network, and application documentation.
  • Work with ISSM and DAOs to ensure systems obtain and maintain accreditation.
  • Verify package submissions have met the threshold for approval such as: C&A Package for System Reauthorization, SAR Findings, CTOs, POA&Ms, and System Security Plans (SSPs).
  • Apply continuous monitoring techniques to evaluate the systems' security posture.
  • Create tasking for developers and system administrators as changes and patching are required.
  • Oversee the implementation of software patches to maintain the security posture of the organization.
  • Responsible for implementing and enforcing information systems security policies, standards, and methodologies.
  • Familiarity with the use of vulnerability scanning and assessment tools (e.g., ACAS/Nessus) necessary to identify and document compliance.
  • Review Audit Logs on a weekly basis.
  • Perform data transfers on a weekly basis, driving from the CACI Hanover Office to Ft. Meade.
  • Maintain and report assessment and authorization statuses and issues in accordance with organizational guidance.
  • Understand the PRIVAC process. Support personnel with new PRIVAC requests and extensions. 

Requirements:
  • TS/SCI Clearance with polygraph
  • This position has been designated as requiring IAM Level 1 CWIP certification and requires one of the following baseline certifications to qualify:
    • CAP, CND, Cloud+, GSLC, Security+CE, HCISPP, CASP+CE, CISM, CISSP (or Associate), CCISO
  • Bachelor's degree in Computer Science or related discipline from an accredited college or university 
  • Ten (10) years of experience as an ISSO on programs and contracts of similar scope, type, and complexity is required. Four (4) years of additional experience as an ISSO may be substituted for a bachelor's degree.
  • Experience is to include at least two (2) of the following areas: 
    • Knowledge of current security tools
    • Hardware/software security implementation
    • Communication protocols
    • Encryption techniques/tools
  • Experience with:
    • The ICD 503/NIST 800-53 certification and accreditation process
    • The Risk Management Framework 
    • Developing and maintaining SSPs 
    • IAVA review and handling 
    • Interpreting Security Scan results
    • Interfacing with System Administrators and Software Engineers 
    • Task tracking systems (e.g. Jira, Redmine, ServiceNow)
  • Understands:
    • Public Key Infrastructure-based authentication 
    • A variety of security policies, especially within the IC 
    • Fundamentals of technical security risk assessment
    • How to perform analysis of alternatives
  • Able to clearly communicate ideas and status updates to management and other stakeholders.


 
