Overview:
Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 2,000+ employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com.
Job Description Summary:
The Information System Security Officer (ISSO) 3 supports the continuous monitoring and authorization efforts for multiple Department of Defense (DoD) and/or Special Program information systems. The ISSO 3 is a subject matter expert (SME) on the implementation of NIST SP 800-53 and its application with respect to the DAAPM, JSIG, or ICD 503. The ISSO 3 performs the evaluation of information system security for assigned programs in compliance with the Risk Management Framework (RMF) as outlined in either the DAAPM, JSIG, or ICD 503. The ISSO 3 will work under the direction of the Information System Security Manager (ISSM) and does not manage direct reports.Job Description:
Duties/Responsibilities
Assist the ISSM in meeting their duties and responsibilities. The ISSO 3 shall assume ISSM responsibilities in the absence of the ISSM.
Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security authorization package.
Attend required technical and security trainings (e.g., operating system, networking, security management) relative to assigned duties.
Ensure all users have the requisite security clearances, authorization, need-to-know, and are aware of their security responsibilities before granting access to the information system.
Conduct periodic reviews of information systems to ensure compliance with the security authorization package.
Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and SCA prior to the change.
Formally notify the ISSM and SCA when changes occur that might affect system authorization.
Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly.
Serve as a Subject Matter Expert (SME) for Splunk (or equivalent SIEM tools), vulnerability scanners, and configuration tools.
Ensure all IS security-related documentation is complete, current, and accessible to properly authorized individuals.
Conduct audits and continuous monitoring (ConMon) activities using available technical and non-technical processes, report audit and ConMon findings, and execute incident response as applicable.
Lead and contribute to status meetings.
Develop tactics, techniques, and procedures.
Manage configuration baselines of both hardware and software.
Identify system architecture flaws using industry standard tools (e.g. STIG, SCAP, Nessus) that will be communicated to the ISSM for review.
Mentor and train other ISSOs.
Perform other duties as assigned.
Skills/Abilities
Ability to audit complex information systems using native command languages (PS/BASH).
Ability to conduct security analyses, including security configurations and risk assessments.
Familiarity working with DoD/IC Security Control Assessors.
Familiarity with C2G/C2C interconnected systems and/or Wide Area Network (WAN) environments.
Understanding of virtual environments and containerization tools/technologies.
Ability to apply techniques for detecting host and network based intrusions using intrusion detection technologies.
Ability to write scripts/queries for common tools.
Ability to function effectively in a dynamic, fast paced environment.
Strong interpersonal skills with effective verbal and written communication skills.
Clear and structured thought processes and coherent decision making skills.
Education
Bachelors Degree in Computer Science, Cybersecurity, Information Technology or equivalent field of study required.
Possesses an IAM I/IAT II certification, or greater.
Experience
5-7 years of experience as an ISSO or similar, implementing DCSA Assessment and Authorization Process Manual (DAAPM), DoD Joint Special Access Program Implementation Guide (JSIG), and/or Intelligence Community Directive (ICD) 503 Risk Management, Certification and Accreditation requirements.
Additional Job Description:
Applicants selected for this position will be required to obtain and maintain a government security clearance .
Current in scope Top Secret security clearance is required.
Connect With Draper for Future Opportunities! If you don't find the right posting in our Career Opportunities, you may submit your resume for future consideration.
Job Location - City:
CambridgeJob Location - State:
MassachusettsJob Location - Postal Code:
02139-3563Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now www.draper.com/careers.
Equal Employment Opportunity:
Draper is committed to creating a diverse environment and is proud to be an affirmative action and equal opportunity employer. We understand the value of diversity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. Draper is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact hr@draper.com.