Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age.
We are looking for an Information Systems Security Officer (ISSO) to support a RMF project for NAVFAC on the West Coast in the
Seattle, WA area.
The ISSO will be required to travel between Naval Base Kitsap (NBK), Bremerton Naval Shipyard, Everett, and Whidbey Island.
An active Secret security clearance is required as well as the ability to be on-site one to two days as required and you must be able to surge to daily onsite support if needed. The ISSO will be responsible for the following:
RESPONSIBILITIES:
- Lead RMF ISSE support team for assigned programs, organizations, systems, or enclaves
- Provide quality assessment and oversight for ISSE personnel and artifact deliverables
- Maintain and report system’s A&A status and events to the ISSM, PM/ISO, PSO, FSCA and FAO.
- Manage the Security Plan for assigned systems throughout their lifecycle
- Ensure the execution of annual security reviews, annual testing of security controls, and annual testing of the contingency plan, in line with FISMA requirements
- Manage POA&M entries and ensuring vulnerabilities are properly tracked, mitigated, and resolved where possible.
- Complete System / Mission decomposition to identify system components critical to priority mission functions.
- Work with CYBERSAFE team to complete grading of Facility Related Control Systems (FRCS).
- Report ongoing Risk Management Framework (RMF) package progress regularly to ISSM, HQ teams and various leadership personnel throughout NAVFAC Enterprise.
- Use collected system information and interviews with Subject Matter Experts (SMEs) and various system personnel to review artifacts for compliance, completeness, and quality in support of successful ATOs and ongoing maintenance.
- Perform all necessary tasks to support RMF packages, including uploading artifacts into eMASS in the proper format to support initial RMF authorization, maintenance, or reauthorization efforts. Duties include:
- Implementing security controls in accordance with STIGs and SRGs
- Patching vulnerabilities on IT/networking devices and all IP-based controllers
- Conducting vulnerability scanning of all IP devices and generate reports
- Completing manual STIG checklists (CKLs) according to the approved SAP
- eMASS tasks such as inputting test results, uploading scan results, mapping vulnerabilities to controls, updating and maintaining POA&Ms, and processing eMASS workflows
- Providing on-site validation support
- Facilitating and managing change requests and authorization boundary changes with Operational Technology Design Authority (OTDA)
- Collaborating with multiple departments to perform scanning and patching to include intermittent nationwide travel according to multiple site requirements and availability
Qualifications:
- Bachelor's degree in IT/Cybersecurity related field with five (5) years of related experience and/or training including military or civilian experience
- Experience with implementing Security Technical Implementation Guides (STIGs) and Security Requirement Guides (SRGs)
- Experience conducting ACAS scans and generating reports
- Knowledge of industrial communication protocols
- Knowledge of HVAC Systems equipment and operation
- Knowledge of HVAC Control Systems
- Knowledge of utility information systems and energy-management technologies
TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States."TDI is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, genetics, gender identity or expression, national origin, protected veteran status or disability status, or any other characteristic protected by federal, state or local laws."
