Information Systems Security Officer

Information Systems Security Officer

As an Information Systems Security Officer, you will be entrusted with the critical responsibility of safeguarding the integrity of operating systems and applications. Your role will require you to adeptly identify, select, and implement the most appropriate security controls tailored to a variety of environments. You will be expected to construct and perpetually update bodies of evidence for managed information systems, custom applications, services, and networks. Your expertise will also extend to the creation and distribution of system security policies and processes, ensuring that the operational risk remains minimal. Moreover, you will be conducting internal vulnerability assessments and coordinating with external entities to facilitate audits.

Your day-to-day tasks will involve a high degree of collaboration, requiring you to work closely with other departments such as Program Management, Engineering, and Software Development to synchronize security-related activities. You will be producing comprehensive documentation to meet information security requirements, including the development of full Authorization to Operate (ATO) Packages and supporting documents like System Security Plans (SSPs), Risk Assessment Reports (RARs), Plans of Actions and Milestones (POA&Ms), Security Control Traceability Matrices (SCTMs), Requirements Traceability Matrices (RTMs), Security Life Cycle Models (SLCMs), Security Assessment Reports (SARs), Certification Test Reports, as well as Briefings and Training products. Additionally, you will play a pivotal role in facilitating a secure change management process and the associated Change Control Boards (CCB).

Responsibilities include:

• Identify, select, and implement applicable security controls for various operating systems and applications
• Develop and maintain bodies of evidence (BOE) for managed information systems, custom application, services, and networks
• Develop and disseminate system security policies, processes, and likewise governing products in service of maintaining a low operational risk picture
• Conduct internal vulnerability assessments and facilitate external Audits
• Coordinate security-related tasks and activities across other functional areas E.g. Program Management, Engineering, Software Development, etc
• Produce documentation in response to, and satisfaction of information security requirements
• Develop full ATO Packages and ATO supporting documentation, such as, SSPs, RARs, POA&Ms, SCTMs, RTMs, SLCMs, SARs, Certification Test Reports, Briefings, and Training products
• Assist in a secure change management process and related Change Control Boards (CCB)
• Cloud technology familiarity, Azure preferred
• Understanding of Kubernetes and containerization technologies
• Understanding of CI/CD pipelines

Minimum Qualifications

• Bachelor's Degree or greater preferred in Computer Science or a related field or equivalent experience.
• Field specific skills or certifications.
• Candidates must possess a current TS/SCI security clearance.

Other Job Specific Skills

To excel in this role, you will benefit from a strong background in cloud and containerization technologies, specifically Azure and Kubernetes. Proficiency in Linux and an understanding of CI/CD pipelines will be crucial for your success. Your ability to navigate these tools and processes will be fundamental in executing your duties effectively. The experiences that will serve you well in this position include a history of developing and managing security documentation, a track record of successful collaboration across various functional areas, and a demonstrated capability in conducting vulnerability assessments and compliance audits. Your role is pivotal in maintaining the security posture of the organization, and your contributions will be instrumental in protecting critical information assets.

Compensation Ranges

Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.

Physical Requirements

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

Disclaimer

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.