Cybersecurity ISSO
Employment Type : Full-Time
LIFE CYCLE ENGINEERING
Life Cycle Engineering (LCE) is a privately held, employee-owned company with an emphasis on "doing the right thing the right way”, which applies to the way we treat our customers and employees. We are proud to have been recognized as a "Best Place to Work” for 14 years running! Learn more below and at www.lce.com.
Cybersecurity ISSO
Position Summary:
As Information Systems Security Officer/Owner (ISSO), you will provide Cyber Security Support and Technical Services Support to our client the Naval Surface Warfare Center Philadelphia Division (NSWCPD). The effort includes HW/SW IV&V, creation/revision/maintenance of RMF A&A Package artifacts and supporting the accreditation process from Step 1 thru Step 6 as needed. This work is to be performed at the Philadelphia Navy Yard.
Contract Requirements:- Must be a US citizen with the ability to obtain/maintain a DoD Secret security clearance
- IAM Level II certification (CISSP or equivalent)
Essential Functions and Responsibilities:- Perform roles/responsibilities of the Information System Security Officer (ISSO) for assigned shipboard information systems
- Serve as the lead point-of-contact for all security-related matters to those systems
- Provide Systems Engineering Support for Hardware/Software and Independent Verification and Validation (IV&V)
- Ensure all required system security controls are implemented correctly, operating as intended, and producing the desired outcome
- Review existing policies, procedures and guidelines to ensure compliance with NSWCPD and Navy Cyber Security/Information Assurance (IA) Policy
- Assist and when required, conduct vulnerability scans of assigned networks and databases
- Provide assistance in the remediation of vulnerabilities identified through network scans
- Support IA strategic planning activities to evaluate enterprise services through the assessment of priorities and risk
- Coordinate changes or modifications to hardware, software, or firmware of a system with the applicable cybersecurity entities prior to a change
- Support the performance of periodic reviews of security controls for responsible systems
- Coordinate initial review and report technical findings.
- Provide on-site and off-site system engineers to assist with the acquisition, integration, and certification of systems and components under the purview of the Program. These include Navy-type Navy-owned systems
- Review and comment on Program documentation and key processes (e.g. Drawings, Data Item Descriptions, Contract Data Requirements Lists, Concept of Operations, Integrated Support Plan, Software Acquisition, Development and Integration Plan, Software Requirements Specification and asset design drawings/documentation)
- Assist in the development of a hardware Configuration Management (CM) plan, which is consistent and compatible with current U.S. Navy hardware CM practices. Provide CM reports as required in support of Integrated Product Teams and the project manager.
- Assist in the development of a Systems Engineering Risk Management Plan including the stand-up and operation of a Risk Management Board (RMB) that is consistent and compatible with current U.S. Navy Risk Management practices where applicable
- Develop and maintain a Plan of Action and Milestone (POA&M) for all IA-related tasks and deliverables in accordance with the Security Technical Implementation Guide (STIG)
- Develop Risk Assessment Reports (RARs) based on vulnerability test results, automated scan reviews, Assured Compliance Assessment Solution (ACAS) scans, and other DoD-mandated assessment-utilities.
- Document A&A-information in the A&A Package consistent with all other Packages, and ensure that there are no omissions
- Input reports in eMass, or deliver in MS Office-products/Visio formats, as appropriate
Required Education, Skills, and Experience:- Experience with security features and/or vulnerability of various operating systems as defined by NSA, NIST, DISA (STIGS) and USCYBERCOM.
- Experience with IA vulnerability testing and related and system test tools; e.g. NMap, ACAS/Nessus, Security Content Automation Protocol (SCAP)
Preferred Education, Skills, and Experience:- Bachelor degree
- At least 8 years' experience cybersecurity experience
- Experience coordinating with various levels of an organization to enact required security and changes to ensure compliance with published policies
- Experience conducting cybersecurity vulnerability and threat analysis and supporting cyber incident response by isolating potentially affected assets, initial investigation and data collection through status updates/reporting.
- Experience with DIACAP or RMF package creation.
Physical Demands and Expectations:- Regular physical activity to include walking, climbing stairs, and standing; frequent periods of prolonged sitting may be required.
- Ability to speak, read, hear, and write, with or without assistance.
- Ability to use phone and computer systems, copier, fax and other office equipment.
This position description represents a summary of the major components and requirements of the outlined job. Other duties and responsibilities may be assigned or required as business needs dictate. Questions regarding this description should immediately be addressed to the department manager or to Human Resources.
COVID-19 Update
For information on how LCE is keeping employees safe and continuing to provide uninterrupted support to our clients during the COVID-19 pandemic, read our update here.
Mission
Our mission is to enable people and organizations to achieve their full potential.
As a professional services organization, our mission is focused on our clients' people and organizations. It is our company's cornerstone belief that we will not lead the industry in assisting our clients unless we excel at helping our own people and teams reach their full potential.
Culture
Our corporate culture encourages personal and professional growth because LCE's success depends on the talent, innovation, professionalism, and commitment of its employees. LCE is a strengths-based organization focused on turning individual talents into strengths and then turning individual strengths into organizational performance that supports our clients' success.
Benefits- Affordable Medical/Dental/Vision Plans for employees and their families
- Free Employee Life and Disability Insurance, with supplemental coverage options available
- Health Savings Account and Flexible Savings Account options
- Company matched 401(k) & company-funded Employee Stock Ownership Program (ESOP)
- Paid Vacation, Holiday, Sick Leave
- Dynamic employee innovation/entrepreneurship program which includes education, empowerment, and monetary rewards
- Continuing Education and Professional Development programs at all levels
- Flexible Schedules and Relaxed Dress Code
- Employer-sponsored events, social collaboration, and open communication
- Free access to an extensive online training library, including certification prep
- Bonus Program for outstanding contributions, Employee Referral Program, numerous Recognition Opportunities, and more…
*Benefits may vary by business unit and location. http://www.lce.com/Employee_Benefits_358.html
Life Cycle Engineering (LCE) shall abide by the requirements of 41 CFR §§ 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, or national origin. Moreover, these regulations require that LCE take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, because of or on the basis of pregnancy, childbirth, or related medical conditions, including, but not limited to, lactation, and any other status protected by applicable state law. In addition, LCE will not discharge or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant. LCE shall also abide by the requirements of 29 CFR Part 471, Appendix A.