Information System Security Engineer (ISSE)

CommIT Enterprises, Inc. is seeking an Information Systems Security Engineer (ISSE) based out of Stafford, VA with demonstrated expertise supporting projects for the Department of Defense (DoD).

The ideal candidate will assist our Naval Surface Warfare Center, Indian Head Division (NSWC IHD) client in the planning and execution of the cyber security requirements of DoD systems and for ensuring adherence to the DoD Risk Management Framework (RMF) process. This position will require frequent customer engagement in order to understand and solve technical issues and support the accurate and timely delivery of products for each supported program.

Established in 2001, CommIT is a Certified Veteran-Owned Small Business (CVOSB) providing innovative technical engineering and data science services. Our enterprise systems support includes the Department of Defense’s (DoD) GCSS-MC, TBMCS-MC, and the Department of Veteran’s Affairs’ (VA) telehealth communications. We offer acquisition management, systems engineering, Agile software development, cloud management, IT modernization, data analytics, cybersecurity, and training, including leading-edge DevSecOps, automated testing, and mobile application development.

Your essential job functions will include but may not be limited to-

• Create authorization package records in Marine Corps Certification and Accreditation Support Tool (MCCAST) or Enterprise Mission Assurance Support Service (eMASS) for assigned systems

• Support identification of the system type (IS, IT product, IT service) and any special considerations including multi-service/agency, joint, cross domain, data classification, tactical, space, etc., to support categorization

• Support the determination of the appropriate Defense–in–Depth Functional Implementation Architecture (DFIA) defense level (DL), CYBERSAFE grade, and security categorization in accordance with (IAW) CNSSI 1253 for assigned systems

• Support the generation of controls for assigned systems IAW the DFIA DL, CYBERSAFE grade, security categorization, and applicable overlays

• Assess and document the security control set for assigned systems to determine the applicability and compliance of the individual controls within the security control set

• Develop Cyber Security Strategy based on the security categorization for assigned systems

• Develop Security Plan (SP) and Information System Continuous Monitoring (ISCM) strategy in MCCAST or eMASS for assigned systems

• Support the Security Control Assessor (SCA) and Authorizing Official (AO) review of the security control set to address any feedback received during the review

• Collaborate with the NSWC IHD ISSO and Security Control Validator (SCV) to develop the Security Assessment Plan (SAP)

• Support the NSWC IHD ISSO in implementing and testing the security control set IAW the SAP.  Documenting the pre-assessment results in a Plan of Actions and Milestones (POA&M) and Security Assessment Report (SAR).

• Support the SCA and AO review of the pre-assessment POA&M and SAR to address any feedback received during the review

• Assist the NSWC IHD ISSO in providing updates to the Security Validation POA&M to address open vulnerabilities that were verified by the SCV during the official security assessment

• Support the NSWC IHD ISSO in completing, assembling, and submitting the Security Authorization Package (SAP) for the SCA and AO review and AO authorization

• Support the SCA and AO review of the SAP to address feedback received during the review

• Support the NSWC IHD ISSO in maintaining the security posture of assigned systems as identified in the ISCM Strategy

• Support the NSWC IHD ISSO in planning and performing cyber security testing by continuously assessing the security posture of assigned systems

• Assist with any security testing required as part of A&A self-assessments

Required Experience and Education

• Bachelor’s degree from an accredited college or university in Computer Science or Information Management; preferred

• Three (5) years of professional experience

• At least three (3) years of experience in defining security programs or processes for the protection of sensitive or classified information

• Four (4) years of systems related experience or DoD 8570 IAT Level II qualifications may be substituted for a bachelor’s degree

• Sec+, or equivalent, required

• Experience working in a team-oriented, collaborative environment.

Travel

• 20% of the time

Security Requirements

• Secret Clearance

Equal Opportunity Employer

CommIT Enterprises, Inc. is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.