ISSM - Sentar

Sentar is dedicated to developing the critical talent that the connected world demands to create solutions to address the convergence of cybersecurity, intelligence, analytics, and systems engineering. We invite you to join the small business team where you can build, innovate, and secure your career.

Sentar is seeking an ISSM at McDonald Army Health Center at Fort Eustis in Newport News, Virginia!

Role Description:

The Defense Health Agency (DHA) supports the delivery of integrated, affordable, and high-quality health services to Military Health System (MHS) beneficiaries and is responsible for driving greater integration of clinical and business processes across the MHS. Our DHA teams make a difference daily by ensuring the security of the health records of active duty and retired military and their families!
The Defense Health Cyber Risk Management Team requires an Information Systems Security Manager (ISSM) on site to provide key services to a government client. This individual will be responsible for assigned ISSM efforts to complete/maintain RMF packages associated with the government site (Security Plans, Annual Security Reviews, Authorizations, POA&Ms, etc.), conduct continuous monitoring of assigned systems, and provide relevant cyber security expertise to ongoing programmatic lines of effort.

This position will serve as the on-site ISSM for the McDonald Army Health Center at Fort Eustis in Newport News, Virginia. The ISSM navigates and coordinates workflow, activity, and documentation necessary to achieve successful RMF objectives for DHA medical devices and systems. The McDonald Army Health Center (MEDCOI_Ft Eustis) enclave connects an outpatient Medical Treatment Facility (MTF) supporting active duty, retired and other eligible beneficiaries and provides information services to the outpatient clinic, and specialty clinics. There are approximately 1000 ACAS IPs and 2000 end points within the enclave, which is comprised of End User Devices, Servers, Switches, Multi-Function Devices, and network printers, VTCs and AVAYA IP phones. Users include contractors, active duty military, and government personnel. The site provides control inheritance to and receives control inheritance from multiple entities. The MEDCOI_Ft Eustis enclave also contains approximately 30 PORs and applications at the site location, which are not included as part of the Authorization Boundary.

Duties:

• Coordinate with various stakeholders, e.g., Chief Information Officer (CIO), Security Engineers, Network Administrators, System Administrators, Information Assurance Managers (IAMs) / Information Systems Security Manager (ISSM) peers, certification authorities (and representatives), accreditation authorities (and representatives), program managers, vendors, etc., necessary to properly identify, document, mitigate, and manage risk attributed to the target system, network, and/or application;
• Identify, develop (directly or in coordination with applicable experts), and incorporate common artifacts found in RMF authorization packages, e.g., system architecture and boundaries, hardware and software inventories, policies and procedures, risk assessment reports, POA&Ms, data flows, PPSM accounting, and other necessary system, network, and application documentation;
• Apply knowledge and experience in identifying, assessing, and documenting compliance against applicable DoD Information Assurance (IA) security controls (technical, management, operational), Service (e.g., Army) regulations, etc., within the RMF package;
• Apply knowledge of, and ability to use, applicable compliance and authorization reporting environments (e.g., eMASS, CMRS) to document the progress of RMF risk assessments;
• Conduct root cause analysis for inconsistencies or shortfalls in system cybersecurity posture;
• Utilize vulnerability scanning and assessment tool results (e.g., ACAS/Nessus/STIG Viewer/SCAP) necessary to identify and document compliance while providing cybersecurity recommendations based on organizational requirements;
• Analyze Host-Based Security System (HBSS) and/or Endpoint Security Solution (ESS) output and configurations;
• Coordinate with system POCs, review authorization boundary diagrams, architecture/data flow diagrams, hardware/software inventories, IP address/subnet assignments, Med-COI Zone taxonomy, and other artifacts;
• Utilize compliance and authorization reporting environments (e.g., eMASS, CMRS, COAMS, MECM, and Phoenix) and coordinate with system POCs to explain compliance requirements, assist in reaching compliance, and provide training;
• Develop meeting agendas/briefings and lead/attend and speak in meetings with stakeholders to discuss status of efforts;
• Apply NIST, DoD, and DHA security requirements to include NIST SP 800-53 controls, DISA Security Technical Implementation Guides (STIGs), and Security Requirements Guides (SRGs);
• Submit Weekly Status Reports (WSRs), when applicable.

Qualifications:

Clearance Level: Secret

Certifications: IAT Level II certification required; IAT/IAM III certification is a plus

Experience:

• 10+ years of technical experience or a Bachelor's Degree and 6+ years of technical experience.
• Minimum 5 years of RMF experience
• DoD 8570/8140 compliance to IAT Level II Certification (e.g., Security+ CE, CISSP, etc.).
• Secret Security Clearance.
• Demonstrated experience with eMASS or similar RMF application.
• Proficient at O365 tools and environments, to include MS Teams, SharePoint, PowerPoint, Word, Excel, Visio, OneNote, and other related applications.
• Proficient at providing exceptional customer service.
• Familiarity with NIST SP 800-53 (Rev 5 a plus), DISA STIGS/SRGs, CMRS, HBSS/ESS, MECM and Phoenix SDB.
• Aptitude to provide thought leadership to the ISSM efforts to maintain an organizational or system-level cyber security program.
• Ability to identify, interpret and evaluate major applications, infrastructure, enclaves, and system environments based on proposed authorization boundaries.
• Ability to manage multiple projects simultaneously and interact with remote stakeholders.
• Ability to work independently while also contributing to team member productivity.
• Must possess strong verbal/written communications and interpersonal skills.

Benefits at Sentar:

In addition to a great culture, Sentar not only fosters an inclusive work environment but also offers an extensive benefits package designed to cater to the well-being of its employees and their families.

• Voluntary Medical, Dental, Vision, with Health Savings or Flexible Spending Plan options
• Voluntary Life, Critical Illness, Accident, and Long Term Care insurance options
• Group Term Life, Short-Term and Long-Term Disability is provided by Sentar to all qualifying employees
• Generous 401(k) match
• Competitive PTO plan that graduates quickly with years of service
• Other leave programs; holiday schedule along with bereavement, jury and military duty
• Mental health awareness programs
• Tuition reimbursement
• Professional development reimbursement
• Recognition and Awards programs

If you are not ready to apply for this position, submit your resume here to join our talent community. We'll keep you updated occasionally on new job opportunities.

Sentar is an Affirmative Action and Equal Opportunity Employer M/F/Vets/Persons with Disabilities

Our culture is one of inclusivity and support. Sentar is proudly an Equal Opportunity and VEVRAA Federal Contractor Employer M/F/Vets/Persons with Disabilities. Follow these links to learn more about your rights: EEO Is the Law Poster; EEO Is Law Supplement; and Pay Transparency.

We want you to build your career at Sentar, so if you are an individual with a disability and require a reasonable workplace accommodation applying for a job or at any point in the employment process, contact the Recruiting Manager at recruiting@sentar.com. Please indicate the specifics of the assistance needed. Thank you for considering Sentar in your employment search.

Build, Innovate, Secure Your Career at Sentar.