Information Systems Security Officer I

Scientific Research Corporation (SRC) is an advanced information technology engineering company that provides innovative products and services to government and private industry, as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients. SRC is searching for a Junior Cybersecurity Engineer to test, analyze, evaluate, validate, and verify cybersecurity requirements for North American Aerospace Defense Command (NORAD) and United States Northern Command (USNORTHCOM) systems. These systems consist of an on-premises Nutanix Hyper-Converged Private Cloud utilizing VMware ESXi Hypervisor and associated products, with future migration to Nutanix's native Hypervisor. The Private Cloud hosts NORAD and USNORTHCOM Mission Applications and Web Services including the Situational Awareness Geospatial Enterprise (SAGE) and Air Event Information Sharing Service (A/EISS) applications, as well as the Global Command and Control System-Joint (GCCS-J) Program of Record (PoR) Systems and Information Technology (IT) infrastructure including Red Hat Enterprise Linux (RHEL) servers. Sustainment of NORAD and USNORTHCOM systems will be conducted at the government's facilities in Colorado Springs, CO. Duties & Responsibilities include:

Performing as a DoD Information Systems Security Officer (ISSO)
• Implementing Zero Trust best practices and methodologies
• Developing, updating, and/or reviewing ATO, IATT, ATC documentation to include, but not limited to, Security Plans, Implementation Plans, Test Plans, Test Results (ACAS, STIGs, etc.), POA&M, and Security Assessment Reports (SAR)
• Ensuring that security design & distribution actions are evaluated, validated, and implemented as required
• Ensuring that cybersecurity requirements are integrated into the architecture for that system and/or organization(s)
• Evaluating development efforts to ensure that baseline security safeguards are planned for and appropriately installed
• Identifying alternative information security strategies to address organizational security objectives of cyber taskings
• Assisting the J66 ISSM in preparing, distributing, and maintaining plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations and cybersecurity practices
• Reviewing & recommending policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies
• Developing, updating, and/or reviewing ATO, IATT, ATC documentation to include, but not limited to, Security Plans, Implementation Plans, Test Plans, Test Results (ACAS, STIGs, etc.), POA&M, and Security Assessment Reports (SAR)
• Assessing system compliance against NIST and DoD security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
• Coordinating with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories

FILLING THIS POSITION IS CONTINGENT UPON FUNDING

#LI-AM1

• 3+ years combined cybersecurity experience holding one or more of the following roles: ISSO, Cybersecurity Analysts, and/or Systems/Network Administrator

• 2+ years of experience working Risk Management Framework (RMF)/Authorization To Operate (ATO) packages either in Enterprise Mission Assurance Support Service eMASS or XACTA

• 2+ years of experience working with Windows and/or Linux systems administration

• Active DoD 8140 Workforce Certification (formerly DoD 8570 Level II) (e.g. Security+ CE, CCNA, etc.)

• Possess cloud certification (e.g. Certified Cloud Security Professional (CCSP), GIAC Cloud Security Essentials (GCLD), etc.)

• Possess network certification (e.g. Systems Security Certified Practitioner (SSCP), GIAC Network Forensic Analyst (GNFA), etc.)

• Bachelors Degree (e.g. Cybersecurity, Engineering, Computer Science, or related IT fields)

• Experience working in DevSecOps (CI/CD) environments

• Knowledgeable with Supply Chain Cyber Risk Management (SCRM)

• Knowledge of cybersecurity principles and DoD requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

• Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption, Zero Trust)

• Experience with evaluating security vulnerabilities, developing mitigation strategies, or implementing remediation activities according to RMF and Test and Evaluation guidance. With a large focus on RMF steps 1 through 4

• Ability to communicate and establish collaborative relationships with government clients and associate contractor teammates to achieve program goals

SRC IS A CONTRACTOR FOR THE U.S. GOVERNMENT, THIS POSITION WILL REQUIRE U.S. CITIZENSHIP AS WELL AS, A U.S. GOVERNMENT SECURITY CLEARANCE AT THE TOP SECRET LEVEL WITH TOP SECRET / SCI ELIGIBILITY

• No travel required

Scientific Research Corporation is an advanced information technology and engineering company that provides innovative products and services to government and private industry, as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients.

SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more. For positions requiring a security clearance, selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

Scientific Research Corporation is an equal opportunity employer that does not discriminate in employment.

All qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other protected characteristic under federal, state or local law.

Scientific Research Corporation endeavors to make www.scires.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact jobs@scires.com for assistance. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.