Peraton requires Information Systems Security Officers to support the Special Operations Command Information Technology Enterprise Contract (SITEC) 3. This position is located at Little Creek, VA.
The purpose of the Special Operations Forces Information Technology Enterprise Contract (SITEC) 3 Enterprise Operations and Maintenance (EOM) Task Order (TO) is to provide USSOCOM, its Component Commands, its Theater Special Operations Commands (TSOCs), Operations (NetOps); maintain systems and network infrastructure; provide end-user and common device support; provide configuration, change, license, and asset management; conduct training; and perform Install, Move, Add, Change (IMAC) services. The responsibilities and tasks associated with each requirement play a pivotal role for USSOCOM, the CIO/J6 organization, and ultimately the end users who operate around the globe 24x7x365.
This role requires a proactive approach to security management and the ability to work closely with both technical and non-technical stakeholders. The ISSO / RMF Analyst shall provide hands-on cybersecurity support for SOCOM systems, focused on RMF lifecycle activities, continuous monitoring, vulnerability management, compliance reporting, and cybersecurity documentation development.
Responsibilities
- Working with a team of IT risk management assessors performing IT risk and controls assessments using government governance and guidance and organizational policies and procedures
- Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including Subject Matter Experts (SMEs) such as system and database administrators
- Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings
- Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgment
- Documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion
- Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel
- Planning and executing day-to-day activities of IT controls assessments individually and as part of a team
- Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans
- Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel
- Implementing and managing continuous monitoring programs to ensure the ongoing security of information systems
Qualifications
- Extensive experience with the Risk Management Framework (RMF) process and NIST SP 800-53 and SP 800-37
- Experience creating and updating Security Assessment and Authorization (SA&A) artifacts such as FIPS 199 categorizations, Contingency Plans (CP), Contingency Plan Tests (CPT), and System Security Plans (SSP)
- Knowledge and experience in IT risk and controls gained through IT audits, IT control assessments, and IT security reviews
- Working knowledge of FISMA, the NIST SP 800 series, FISCAM, and other relevant Federal information assurance laws, regulations, and guidance
- Experience performing FISMA, OMB Circular A-123, or similar internal control assessments
- Understanding of other security frameworks such as FedRAMP and DISA DCAS
- Understanding of the DoD Cloud Computing Security Requirements Guide and other DoD STIGs/SRGs, including experience working with the STIG Viewer toolset
- Proficiency in eMASS
- Proficiency in Microsoft Excel, Word, and PowerPoint