Senior Information Systems Security Officer - Base-2 Solutions, LLC
Fort Meade, MD 20755
About the Job
Description:
- Work one-on-one with the Government Division Chief and Technical Director and Deputy Authorizing Official to advise on Secure the Enterprise (STE) strategies, policies, and performance
- Brief the Chief Information Security Officer and Chief Information Officer on STE data, trends, updates, and changes
- Serve as the highest level of STE technical support to the security community
- Converse, analyze and advise on STE areas of concern to include Transport Layer Security (TLS) versions and cipher suites, Network Flow data (NetFlow and its variants), configuration of network devices, audit data logs (syslog and variants) collection and analysis, user activity monitoring, and other technical areas
- Assist system personnel across the enterprise to maintain the appropriate operational security posture in accordance with STE compliance regulations, policies and playbook guidance for their assigned systems, programs, and/or enclaves
- Provide guidance and technical expertise on all STE requirements that impact or affect the security compliance of the information system
- Assist in the development and execution of an enterprise level STE compliance program that facilitates RMF continuous monitoring to minimize security risks and ensure compliance with that program on a routine basis.
- Manually review submitted evidence and justifications for manual compliance validations, determinations of applicability and exceptions for all STE security controls
- Based on your review, make recommendations to leadership for approval or rejection of requests for exceptions from STE security requirements
- Based on your review and written guidance, approve or reject requests for manual validation or determination of applicability
- 12 years of related work experience in the field of security authorization.
- A Bachelor’s degree in Computer Science, Information Technology Engineering, or a related field may be substituted for 4 years’ experience.
- A working knowledge of the security authorization processes and procedures as defined in the RMF in NIST SP 800-37 and familiarity with ICD 503, CNSSI 1253, SP 800-53, etc.
- Knowledge of cloud architectures and cloud service providers
- Knowledge of Customer enterprise tools and solutions.
- Ability to effectively communicate with customers of various skill levels to resolve their compliance issues.
- Willingness to perform deep dive analysis on customer issues to resolve their compliance challenges
- Knowledge of commercial security tools and their uses.
- Experience with hardware/software security implementations.
- Knowledge of different communication protocols, encryption techniques/tools, and PKI and authorization services.
- Familiarity with security incident management, experience collaborating with Incident Response Teams, and the ability to provide viable recommendations for the resolution of computer security incidents and vulnerability compliance.
- Experience creating and presenting documentation and management reports.
Pay & Benefit Highlights
Compensation
- Above market fixed salary or hourly pay.
- Up to $10,000 bonus for each referral.
- Additional bonuses for exceptional performance, assisting with business development and company growth.
- 100% paid premiums for health insurance. Choose from over 80 gold-level medical plans from Aetna, CareFirst, Kaiser and UnitedHealthcare. Choose from PPO, EPO, POS, HMO, and HSA-compatible.
- HSA and FSA options.
- 100% paid premiums for dental insurance.
- 100% paid premiums for vision insurance.
- 100% paid premiums for short-term disability.
- 100% paid premiums for long-term disability.
- 100% paid premiums for accidental death & dismemberment.
- 100% paid premiums for life insurance with a $200,000 max benefit.
- 8% company contribution to 401k with immediate vesting.
- 401k pre-tax and Roth options.
- Up to 20 days of flexible paid time off (PTO).
- 11 days of paid floating holidays.
- Flexible work schedules including flex time and compressed work period.
- Remote work including partial or fully remote (contract and project-dependent).
Source : Base-2 Solutions, LLC