Information Security Engineer
Location: RTP, North Carolina, US
Area of Interest: Information Technology
Working with the Information Systems Security Manager (ISSM), the candidate will act as the Information System Security Officer (ISSO) for Cisco Systems, Inc. The candidate must have an in-depth knowledge of the DCSA Assessment and Authorization Process Manual (DAAPM)/Risk Management Framework and the FedRAMP Authorization process. The ISSO will plan, manage, coordinate and provide support to various programs to ensure the completion of all Assessment and Authorization (A&A) activities per the DAAPM, NIST, CNSSI and other DoD policies. The candidate will be responsible for the life cycle of Information Systems, to include: meeting with program management to assist in developing requirements for Information Systems, creating the System Security Plans (SSP), reviewing/monitoring the technical security features to ensure compliance with regulations, submitting for Authorization, and meeting with government security representatives. Once Authorized, the ISSO will maintain compliance with all applicable CONMON requirements, conducting weekly audits, vulnerability scanning, briefings, and reviews of the System Security Plan as required. The ISSO will also be responsible for all Authorized Information Systems during annual audits/reviews/inspections.
The candidate will also require an understanding of COMSEC and COMSEC related equipment.
- US citizenship with a minimum of a TS Clearance
- In-depth knowledge of DAAPM, FedRAMP, and NIST SP 800-53 Information Systems requirements
- Strong experience implementing DISA STIGs
- In-depth knowledge of various Windows, UNIX and Linux systems; AWS a plus
- In-depth knowledge of various compliance tools, i.e., Nessus, HBSS, Splunk
- Experience developing and presenting briefings
- Ability to develop and execute detailed project implementation plans
- 3 to 5 years of experience as an ISSO
- Strong communications skills, both oral and written
- Commitment to excellence, creating and delivering the highest value to customers
- Ensure that all Enterprise Mission Assurance Support Service (eMASS) records are updated and maintained
- Develop and submit Plan of Action & Milestones (POA&M), as required
- Self-starter with ability to work independently; customer-service oriented
- Ability to enable highly effective teams, leveraging differences in skills, knowledge, and experience to maximize results.
- Resourceful in solving problems and capitalizing on opportunities
- Able to travel periodically to other Cisco locations for 1-3 days at a time
- DoD 8570 Industry Certification in one or more of the following: CISSP, Security+, CISA, GSEC, CAP, SCNA, SCNP, SSCP, GSLC, GSE, CISM
Required Education (including Major): Bachelor's degree in Computer Information Systems/Computer Science, or 4 years of experience in a related technical subject area.