INFOSEC Specialist/ISSM with Security Clearance
Amentum
2024-11-07 21:38:43
Chantilly, Virginia, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Amentum provides a range of Department of Defense, Intelligence Community, and Commercial analytic and operational support, risk analysis, analytic outreach, red teaming, and event support services. We pride ourselves in developing creative, customized, and flexible approaches that meet our clients' evolving and dynamic needs. Amentum is currently seeking a Cyber and Information Security Specialist (INFOSEC). The INFOSEC Specialist performs IT project risk assessments for various projects on government sponsored computer networks. The successful candidate will provide expertise to develop best practices for information security policy, standards, guidelines, and procedures. Core responsibilities of the position include: Review and analyze systems architecture diagrams and networks. Support Assessment and Authorization (A&A) requirements and process and apply ICD 503, NISPOM, and other federal guidelines in support of systems used at contractor facilities. Assist program systems owners and/or service providers throughout the risk management framework (RMF), including the assessment and authorization (A&A) processes, as follows: Produce an annual A&A report of trends, challenges, and risk with recommended mitigation and process improvements. Provide oversight and guidance to ensure compliance with program information security regulations and policies on processes and request, such as Data Transfer Request; Access Request; Service/Change Request; Purchase Request; Accountable Property Management; Waivers, including medical devises and introduction (use) of equipment /devises into SCIF; and Equipment Transport. Produce a Weekly Activity Report. Facilitate development, maintenance, and security review of AIS security plans for computers, networks, and information systems deployed and used at contractor facilities, ensuring that sponsor and program approving signatures are acquired and documented. Conduct technical exchange meetings to facilitate AIS security solutions for both industrial contractors and government systems; and produce comprehensive solutions to technically complex systems and challenges. Ensure documentation is complete and accurate in accordance with sponsor and program AIS policies and requirements. As necessary, support the investigation of virus/malware alerts/incidents to determine root cause, entry point of code, damage risk, and report this information. Write reports based on technical analysis of sponsor or industrial partners systems, and as applicable provide recommendations for mitigating issues in the future. Analysis systems, including forensically, for malware, misuse, and/or unauthorized activity. Ensure discovered cyber incidents and data spills are reported per program SOP; support investigations and remediation/clean up as necessary and provide guidance in coordination with program security management and other groups as appropriate. Provide information security training and refine, edit, and maintain training material, as necessary to ensure it is up to date with current policies, regulations, and best practices. Participate in project review meetings and provide technical cyber security advise/expertise to program personnel. Advise on technical and performance characteristics of new technologies, as relates to sponsor policies and regulations. Review complex sponsor and industrial partners system designs for security risk and compliance with sponsor policy and regulations; propose resolution and preventive strategies. Communicate complex technical concepts, project information, and security policy clearly and concisely to both technical and non-technical audiences. Provide briefings and/or training on sponsor's INFOSEC policies and regulations. Provide a quarterly Security Control Status Report (SCSR) that identifies security risk and trends through the ranking of the 77 Control Families. Required experience: 8-10 years' experience performing full range of information security functions. Bachelor's degree in IT Experience with audits, risk management, or internal controls on government systems. Working knowledge of the NISPOM, DCIDS, ICDs, and Executive Orders, to ensure security compliance preferred. Understanding or experience with cloud security. Demonstrated ability to work independently with minimal guidance and in small dynamic teams often under time-constraints. US government issued TS/SCI security clearance with Polygraph required at time of application. Note: US Citizenship is required to obtain a Top Secret Clearance. Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran's status, ancestry, sexual orientation, gender identity, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal EEO laws and supplemental language at EEO including Disability/Protected Veterans and Labor Laws Posters .