Information System Security Officer

Cambridge, MA, United States

Information System Security Officer

Job Location

US-MA-Cambridge

Requisition ID

2024-8102

Overview

Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 2,000+ employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com.

Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now www.draper.com/careers.

Equal Employment Opportunity

Draper is committed to creating a diverse environment and is proud to be an affirmative action and equal opportunity employer. We understand the value of diversity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.

Draper is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact [email protected].

Responsibilities

Responsibilities :

The Information Systems Security Officer (ISSO) will support multiple critical Department of Defense (DoD) information systems. The ISSO ensures systems are operated, maintained, and disposed of in accordance with the DAAPM, JSIG, or ICD-503. The ISSO will work with the Information System Security Manager for their assigned systems. The ISSO shall have the detailed knowledge and expertise required to manage the security aspects of an information system and, in many organizations, is assigned responsibility for the day-to-day security operations of a system. Responsibilities also include physical and environmental protection, personnel security, incident handling, and security training and awareness. In close coordination with the ISSM and ISO, the ISSO plays an active role in monitoring a system and its environment of operation to include developing and updating the SSP, managing and controlling changes to the system, and assessing the security impact of those changes.The successful candidate must be knowledgeable of information technology and security principles. This is a multi-tasking environment that demands customer service, communication, and organizational skills. Due to the nature of this work, this job requires on-site presence in Cambridge, MA. Some travel may be required.

The ISSO will:

Assist the ISSM in meeting their duties and responsibilities. The ISSO shall assume ISSM responsibilities in the absence of the ISSM; Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security authorization package;

Attend required technical and security training (e.g., operating system, networking, security management) relative to assigned duties;

Maintain required IA certifications;

Ensure all users have the requisite security clearances, authorization, need-to-know, and are aware of their security responsibilities before granting access to the IS;

Report all security-related incidents to the ISSM;

Conduct periodic reviews of information systems to ensure compliance with the security authorization package;

Serve as member of the CCB, if designated by the ISSM;

Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change;

Formally notify the ISSM and AO/DAO when changes occur that might affect system authorization;

Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly;

Ensure all IS security-related documentation is current and accessible to properly authorized individuals; and

Ensure audit records are collected, reviewed, and documented (to include any anomalies).

Conduct Audits and Continuous Monitoring (ConMon) activities using available technical and non-technical processes.

Reports Audit and ConMon findings

Execute incident response

Attends and contributes to status meetings

Manage configuration baselines of both hardware and software

Identify system architecture flaws using industry standard tools (e.g. STIG, SCAP, Nessus) that will be flowed to the ISSM for review.

Mentors and coaches jr. ISSOs

Qualifications

Qualifications :

Required Qualifications :

Must have experience.

BA with 2 years experience or 4 years relevant industry experience

Fundamental understanding of common auditing techniques

Experience with RMF (NIST SP 800-53, JSIG, DAAPM, ICD 503), IR, Vulnerability Management, SCAP, STIG, and Security-Relevant Tools.

Preferred experience with auditing systems using native language (PS/BASH), with tools and basic scripts / queries, and experience working with ISSMs to create and manage POA&Ms.

Ability to obtain a Top Secret/SCI clearance and willing to take a CI-Poly (customer dependent and/or department dependent). Develops and oversees operational information systems security implementation policy and guidelines.

Preferred Qualifications :

Understanding of vulnerability scans (Nessus, Nexpose, or ACAS experience desired).

Preferred experience with RMF (NIST SP 800-53, JSIG, DAAPM, ICD 503), IR, Vulnerability Management, SCAP, STIG, and Security-Relevant Tools.

Preferred experience interfacing with DCSA/DoD/IC Security Control Assessors.

Experience auditing security functions of information systems including Windows 10/11, Windows Server 2016/2019/2022, RHEL 7/8/9, Cisco Networking gear and VMWare products.

BA/BS degree or higher from an accredited college or university.

An active CompTIA Security+ certification.

Security Requirement : Current in scope Top Secret security clearance is required.

Connect With Draper for Future Opportunities!

If you don't find the right posting in our Career Opportunities, you may submit your resume for future consideration.