Information System Security Officer

IQUASAR LLC

Baltimore, MD
Full Time
Paid
  • Responsibilities

    Intelligence Management Group (IMG) is seeking to fill a full-time position as an information system security officer in the DMV area. At IMG, we are dedicated to delivering the next generation of cutting-edge technologies. As we continue to grow, we are thrilled to offer new career opportunities for talented professionals in engineering, software development, and other key areas.

    Position: Information System Security Officer

    Location: DMV

    Position Type: Full time

    Travel: Hybrid

    Clearance: Secret

    Role Summary: Information System Security Officer with about 5-8 years of DISA and eMASS experience.

    Key Responsibilities:

    A) Ensure the EVS unclassified and classified VoIP remains compliant with applicable DISA, Joint Force Headquarters–DoD Information Network, and United States Cyber Command security policies such as Advisory Messages, Fragmentary Orders, General Information Technology Administrative Orders, Warning Orders, Security Technical Implementation Guides, Information Assurance Vulnerability Alerts, and Security Requirements Guides on the DISA IA portal. Products in the EVS portfolio include, but are not limited to, DSN, VISP, EVoIP and Enterprise Classified VoIP (ECVoIP) Managed and Basic, and Cloud Voice (CV).

    B) Create the security documentation and artifacts needed to obtain and maintain a DoD Authority to Operate (ATO) under the Risk Management Framework (RMF), including Change Requests associated with new software.

    C) Review and provide technical recommendations/mitigations on Assured Compliance Assessment Solution scans, Cybersecurity Service Provider findings, and Host Based Security System results.

    D) Advise the Government on security matters in a continuous cycle for the duration of the PoP, at a frequency commensurate with the ongoing activities of the project and documented in the project schedule as agreed to by all parties.

    E) Create the RMF package documents required to obtain ATO. Use the automated validation capabilities of the Secure Internet Protocol Router Network (SIPRNet)/NIPRNet Enterprise Mission Assurance Support Service (eMASS) for preparation of the RMF package.

    F) Develop the required RMF package, including registration with the DoD Information Assurance Program, assigning Information Assurance control categorization levels based on Confidentiality, Integrity, and Availability, identifying the RMF Team members, and initiating the Committee on National Security Systems Instruction (CNSSI) 1253 review. The contractor shall provide support in facilitating and ensuring the implementation and validation of assigned National Institute of Standards & Technology (NIST) 800-53 controls, including the overlays, conducting validation activities, and compiling the status of the validation results in the RMF lifecycle Security Assessment Report (SAR). The contractor shall coordinate with the Government and draft/prepare the supporting documentation (Security Plan of Action and Milestones (POA&M), actual validation results, artifacts associated with implementation of NIST 800-53 controls, etc.) required for the RMF lifecycle and ATO.

    G) Prepare all required Security POA&M documentation. A Security POA&M is required for any ATO decision that requires corrective action and is also used to document the status of NIST 800-53 controls that have been accepted by the responsible Authorizing Official (AO). The Security POA&M will address why the system needs to operate, any operational restrictions imposed to lessen the risk during an interim authorization, the AO's rationale for accepting certain NIST 800-53 controls that are categorized as Non-Compliant (NC) or Not Applicable (NA), specific corrective actions necessary to ensure that assigned NIST 800-53 controls have been implemented correctly and are effective, the agreed-upon timeline for completing and validating corrective actions, and the resources necessary and available to properly complete the corrective actions. The Security POA&M is a permanent record: once posted, weaknesses will be updated, but not removed, after correction or mitigation actions are completed. The contractor shall recommend corrective actions and implementation strategies for the corrective actions identified in the Security POA&M.

    H) Develop the SAR to document the assigned NIST 800-53 controls, including inherited NIST 800-53 controls. The SAR also includes the NIST 800-53 control implementation status, responsible entities, resources, and the estimated completion date for each assigned NIST 800-53 control. The report shall reference applicable supporting implementation material and artifacts.

    I) Provide Security Engineering Services to the Government for RMF lifecycle activities, including implementation solutions to address new customer requirements as well as upgrades/patches to the applications, in compliance with NIST publications, to include:

    CNSSI 4009, “Information Assurance Glossary”

    NIST (Special Publication (SP) 800-37 (Revision 1), “Guide for Applying the Risk Management Framework to Federal Information Systems – A Security Life Cycle Approach”

    NIST SP 800-53, “Recommended Security Controls for Federal Information Systems”

    CNSSP 22, “Information Assurance Risk Management Policy for National Security Systems”

    CNSSI 1253, “Security Categorization and Control Selection for National Security Systems”

    DoD Instructions 8500.2, “Information Assurance Controls,” and 8510.01, “DoD Information Assurance Certification and Accreditation Process / Risk Management Framework”

    J) The appointed AO, a Government employee, will ensure all vulnerabilities on the product are fixed or risk mitigation is performed before granting the ATO approval. The product shall receive an ATO before it is placed on any DoD network. This process is the Government’s method of ensuring the solution(s) is STIG compliant.

    K) Prepare the necessary documentation to describe the protection and sustainment of the information assurance requirements, such as protection of the operating environments, software, and databases; integration and implementation of information assurance features for client-server and web enterprises; participation in the planning and performance of Security Test & Evaluation and other testing scenarios; and support for DoD PKI requirements and implementation strategies and other authentication methods as identified by the Government.

    L) Maintain certification and accreditation (C&A) of the program automated information systems required to sustain DoD compliance standards according to the RMF (in accordance with DoDI 8510.01).

    M) Evaluate systems, identify risks, and develop risk mitigation strategies to meet the DoD requirements. The contractor shall conduct a weekly C&A meeting and shall provide the meeting agenda and minutes to the Government.

    N) Provide a monthly C&A status report to the Government cataloging the security controls addressed, mitigated, or for which a POA&M was developed in the past month, to include actual validation results, artifacts associated with the implementation of NIST 800-53 controls, etc.

    O) Update and maintain the Information Assurance controls and POA&M status spreadsheet weekly, cataloging all the security controls for which a POA&M was developed.

    P) Track compliance reports with the system owners and maintain the POA&Ms for all accepted risks upon completion of system ATO.

    Q) Register all new EVS SIPRNet circuits in the GIG Interconnection Approval Process (GIAP) database and upload all necessary artifacts. The contractor shall update all EVS registrations in GIAP whenever a new ATO is awarded or as needed to avoid expiration. The contractor shall register all new EVS NIPRNet circuits and Virtual Private Networks in the System/Network Approval Process (SNAP) database and upload all necessary artifacts. The contractor shall update all EVS registrations in SNAP whenever a new ATO is awarded or as needed to avoid expiration.

    R) Prepare ATO documentation for review to meet the DoD compliance standards, to include CONOPs, Standard Operating Procedures (SOP), COOP and Disaster Recovery Plan, System Configuration/Network Diagrams, Incident Response Plan, Change Management Plan, System Security Plan, Program Protection Plan, ISCP, and EVS Cybersecurity Strategy, using the Agency or DoD Cybersecurity Strategy as a reference. The contractor shall plan and implement by reviewing and developing program documentation. All the RMF controls shall be addressed in one or more of the below deliverables.

    If you are interested in this position, please send me a copy of your latest resume at aamir.shigan@iquasar.com with the information requested below. Also, please let me know what time/number is best to call to discuss this great opportunity. In case you are not interested in this position, or this is not the right fit for you, please feel free to share this opportunity with your friends/networks or anyone you know who may be interested in this position. Thank you!

    Availability to start a new job

    Best Rates

    Contact

    Please do not hesitate to contact me with any question(s) you may have. All employment is decided based on qualifications, merit, and business needs.

    Regards,

    Aamir Shigan

    Recruitment Specialist

    iQuasar LLC

    aamir.shigan@iquasar.com

    Direct: 703-635-7442

    Office: 703-635-7442 Ext: 567

    www.iQuasar.com

    iQuasar is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will be considered for employment without regard to race, color, religion, gender, national origin, sexual orientation, gender identity, disability status, protected veteran status, or any other characteristic protected by law.

    Flexible work from home options available.