Information Systems Security Officer (TS/SCI with Poly Required)

GCI, Inc.
Tysons, United States of America
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Tysons, United States of America

Tech stack

Microsoft Windows
Amazon Web Services (AWS)
Confluence
JIRA
Azure
Bash
CentOS
Cloud Computing
Configuration Management
Communications Protocols
Computer Security
Information Systems
Elasticsearch
Networking Hardware
Intrusion Detection Systems
Python
Lightweight Directory Access Protocols (LDAP)
Network Architecture
Citrix Systems
NMap
Open Source Technology
Powershell
Red Hat Enterprise Linux - RHEL
Software Engineering
TCP/IP
Scripting (Bash/Python/Go/Ruby)
Computer Networking Systems
In-Plane Switching (IPS)
Information Technology
Data Analytics
Nessus
Nexpose
Cyber Warfare
Splunk
Cisco networks
VMware

Job description

GCI embodies excellence, integrity and professionalism. The employees supporting our customers deliver unique, high-value mission solutions while effectively leverage the technological expertise of our valued workforce to meet critical mission requirements in the areas of Data Analytics and Software Development, Engineering, Targeting and Analysis, Operations, Training, and Cyber Operations. We maximize opportunities for success by building and maintaining trusted and reliable partnerships with our customers and industry., Members of the ISSO team support the assessment and authorization (A&A) process for information systems. The successful candidate will have requisite cyber security experience with methods and tools used to improve the security posture of critical systems such as identifying risks, vulnerabilities, anomalies, patching, auditing, automation, security hardening, best practices, and evaluating system changes. In addition, the candidate will collaborate with developers and engineers on projects to create a secure hybrid-cloud environment.

Requirements

  • Bachelor's degree in Cybersecurity, IT, or other related technical discipline; or the equivalent combination of education, technical training, or work/military experience
  • Minimum eight (8) years applied experience or relevant degree plus five (5) years of Cybersecurity expertise with demonstrated ability to successfully shepherd IT projects of varying types through the authorization lifecycle.

REQUIRED KNOWLEDGE/SKILLS

  • Strong verbal and written communication/cooperation within a team context
  • Supported control implementation assessment and reporting and monitoring processes using cyber security and assessment management systems
  • Understanding of perimeter controls (firewalls), access control mechanisms, and network architectures
  • Demonstrated essential understanding of methods for hardening operating systems (e.g., CentOS, RedHat, Windows)
  • Skilled with and/or demonstrated technical aptitude with vulnerability and risk assessment tools such as Elasticsearch or Splunk SIEMs, Rapid7 Nexpose, and IDS/IPS monitoring and alerting
  • Strong understanding of methodologies for researching and documenting software and hardware vulnerabilities
  • Experienced working closely with stakeholders, developers, and external teams, including customer security manages (ISSMs), organizational leadership, and key personnel
  • Applied experience with the customer's assessment and authorization tracking tools
  • Knowledgeable regarding Common Control Provider (CCP) requirements and methodology
  • Demonstrated knowledge and experience with networking topologies and hardware, including commonly used/referenced network devices, IDS and IPS, etc.
  • Applied experience with open-source and commercial tools and systems such as nmap, Nessus, Rapid7, Splunk, Nipper, Elasticsearch, Jira, Confluence, Cisco, VMware, Citrix, or Trellix, as well as GOTS tools used by the customer
  • Demonstrated experience with the design and implementation of defense-in-depth solutions
  • Skilled in cross-team collaboration and effective communication to fulfill specific authorization requirements
  • Demonstrated skill documenting processes and procedures in CONOPS and system security, contingency, configuration management and other plans
  • Demonstrated ability to facilitate customer concurrences required for risk-based decisions, especially those requiring waivers
  • Experience assisting the customer with decisions impacting the security posture and compliance of their systems and networks with requirement as documented in NIST 800-53 and its revisions
  • Extensive familiarity with communications protocols, such as TCP/IP, UDP, HTTP/S, SSH, LDAP, etc.
  • Demonstrated experience with security, monitoring and auditing cloud-based technologies, products and services, such as Amazon Web Services (AWS) or Microsoft Azure
  • Knowledge of the customer's organization, their network systems and infrastructure, processes and procedures, and request and approval tools
  • Ability to work within fast-paced customer environments

DESIRED SKILLS

  • Experience in scripting/program languages such as Bash, PowerShell, or Python

A candidate must be a US Citizen and requires an active/current TS/SCI with Polygraph clearance.

Apply for this position