Information System Security Officer Job Listing at SPA in Huntsville, AL (Job ID 2025-20095)

Description

Qualifications

Required Qualifications:

• Bachelor's degree in a STEM field
• The ability to work onsite, up to full time, depending upon client needs
• Experience configuring, administering, and maintaining computer systems (Such as Windows 10, Server 2012R2, Server 2016, Active Directory, RedHat Enterprise Linux)
• Experience in configuration and management of virtual machine environments such as VMware ESXi hypervisor, vCenter management, OpenShift, etc.
• Knowledge of and experience using cybersecurity auditing tools (Nessus, ACAS, SCAP/SCC, etc.)
• 5+ years experience with enhanced DoD security controls for government networks including the Assured Compliance Assessment Solution (ACAS), Host-Based Security System (HBSS), Security Technical Implementation Guides (STIG), and Secure Host baseline (SHB)
• Experience with DCSA. Experience conducting vulnerability audits, security configuration checks, and system configuration scans to meet cybersecurity requirements
• 5+ years demonstrated experience developing, editing, and auditing cybersecurity policies, plans, and procedures for submission and maintenance with the National Industrial Security Program (NISP) Enterprise Mission Assurance Support Service (eMASS), especially in a contractor facility
• Working Knowledge of Linux, Microsoft Windows, and IP networking
• Linux certification is a plus
• Familiarity with network security architecture and systems security engineering concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth)
• Familiarity with other security frameworks such as Cybersecurity Maturity Model Certification (CMMC) and National Institute of Standards and Technology (NIST) 800-series Special Publications
• An Active SECRET security clearance and the ability to maintain it throughout employment

• Conduct assessment of RMF controls, develop and track POAMs to completion, and ensure all requirements are met in eMASS in support of the RMF process.
• Execute and maintain the overall security posture of the systems and assist in the security assessment and authorization process for RMF requirements while meeting the programmatic needs of the customer.
• Provide support for the ISSM with local Defense Security Service (DSS) and Defense Counterintelligence and Security Agency (DCSA) information security personnel.
• Conduct vulnerability scans using ACAS and SCAP, push patches and updates, and mitigate vulnerabilities.
• Maintain awareness and knowledge of evolving security threats and risk management.
• Conduct continuous monitoring of the system security.
• Maintain required artifacts in support of RMF specific to each project.
• Analyzing system logs and identifying potential issues with computer systems.
• Applying operating system updates, patches, and configuration changes.
• Installing and configuring new hardware and software.
• Adding, removing, or updating user account information, resetting passwords.
• Security management.
• Documenting system configuration. Troubleshooting anomalies.
• Managing Network infrastructure.