ISSO Senior STE - with TS/SCI Poly with Security Clearance
Amentum
2024-11-08 12:41:03
Linthicum Heights, Maryland, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Are you searching for a professional environment that encourages personal and educational development and dedication to the mission? Join a team of security experts who are dedicated to protecting and securing our customers' systems at both the enterprise and program level. Our specialists work closely with others in the RMF process to ensure the highest level of security for every system. Amentum is seeking an Information Systems Security Officer (ISSO) Senior (Sr) Secure the Enterprise (STE) for a prime contract. As the ISSO Sr STE for the compliance portion of the Authorization and Assessment process under the Risk Management Framework (RMF) for new and existing information systems, you will assist system ISSOs, ISSMs, DAOs and ISSEs in obtaining and maintaining Authority to Operate and STE compliance for all systems in the Enterprise. The work environment is fast-paced and sometimes involves deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers. Our program includes easily available process information and support from others with similar positions across the team.
Responsibilities:
- Work one-on-one with the Government Division Chief and Technical Director and Deputy Authorizing Official to advise on STE strategies, policies, and performance
- Brief the Chief Information Security Officer and Chief Information Officer on STE data, trends, updates, and changes
- Serve as the highest level of STE technical support to the security community
- Converse, analyze and advise on STE areas of concern to include Transport Layer Security (TLS) versions and cipher suites, Network Flow data (NetFlow and its variants), configuration of network devices, audit data logs (syslog and variants) collection and analysis, user activity monitoring, and other technical areas
- Assist system personnel across the enterprise to maintain the appropriate operational security posture in accordance with STE compliance regulations, policies and playbook guidance for their assigned systems, programs, and/or enclaves
- Provide guidance and technical expertise on all STE requirements that impact or affect the security compliance of the information system
- Assist in the development and execution of an enterprise level STE compliance program that facilitates RMF continuous monitoring to minimize security risks and ensure compliance with that program on a routine basis
- Manually review submitted evidence and justifications for manual compliance validations, determinations of applicability and exceptions for all STE security controls
- Based on your review, make recommendations to leadership for approval or rejection of requests for exceptions from STE security requirements
- Based on your review and written guidance, approve or reject requests for manual validation or determination of applicability
- Work with information system personnel to troubleshoot and correct rejected requests for manual compliance validation, determinations of applicability and exceptions
- Review automated STE compliance data for errors or inconsistencies and report findings to leadership
- Assess the effectiveness of general IT and specific STE security controls on an ongoing basis to determine the STE program's effectiveness
- Maintain, develop, and enforce STE security policies, implementation guidelines and customer training for information system personnel in diverse operational environments
- Coordinate with software developers to recommend changes, develop system requirements, and test new implementations

Requirements:
- A working knowledge of the security authorization processes and procedures as defined in the RMF in NIST SP800-37 and familiarity with the ICD503, CNSSI1253, SP800-53, etc.
- Knowledge of cloud architectures and cloud service providers
- Knowledge of Customer enterprise tools and solutions
- Ability to effectively communicate with customers of various skill levels to resolve their compliance issues
- Willingness to perform deep dive analysis on customer issues to resolve their compliance challenges
- Knowledge of commercial security tools and their uses
- Experience with hardware/software security implementations
- Knowledge of different communication protocols, encryption techniques/tools, and PKI and authorization services
- Familiarity with security incident management, experience collaborating with Incident Response Teams, and ability to provide viable recommendations for the resolution of computer security incidents and vulnerability compliance
- Experience creating and presenting documentation and management reports

Clearance Required: Active TS/SCI with Poly

Minimum Years of Experience: Twelve (12) years of related work experience in the field of security authorization. A Bachelor's Degree in Computer Science or IT Engineering or related field may be substituted for four (4) years of experience.

Required Certifications: DoD 8570.1 compliant IAM Level III certification, such as the GSLC, CISM, CISSP (or associate) certification.

Preferred:
- Should have familiarity with the Risk Management Framework and the Secure the Enterprise program.
- Should have experience working in a help desk environment with an ability to maintain professionalism under strenuous circumstances.
- Should be highly analytical and effectively able to troubleshoot and prioritize needs, requirements, and other issues.
- Should be committed to continuous learning and system development because of the constantly developing nature of cyber-attacks.
- Should have the ability to quickly learn new concepts, data formats, and software.
- Should be a self-motivated, independent, detail-oriented, responsible team player, and exhibit exceptional relationship management skills.
- Advanced knowledge of Microsoft Office products, especially the ability to create formulas in Excel spreadsheets to perform data analysis tasks and professional presentations in PowerPoint.
- Competency in one or more programming languages, especially Python and Visual Basic for Applications (VBA)

Pay Transparency Verbiage
Amentum's health and welfare benefits are designed to invest in you and in the things you care about. Your health. Your well-being. Your security. Your future. Eligible employees and their dependents may elect medical, dental, vision, and basic life insurance. Employees are able to enroll in our company's 401k plan, and, if eligible, a deferred compensation plan and Executive Deferral Plan. Employees will also receive 17 days of vacation per year, seven paid holidays, plus floating holidays and caregiver leave. Hired applicants will be able to purchase company stock and have the opportunity to receive a performance discretionary bonus. The base salary range for this position is $210 to $220. This range reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training