Amentum is currently seeking an Information System Security Official for a contract at the National Aeronautics and Space Administration (NASA) in Hampton, VA. The Information System Security Official (ISSO) services provide cybersecurity Subject Matter Experts (SMEs) to support NASA Information Systems. Amentum is a leading provider of engineering, scientific, and program management support services to some of the top agencies in the U.S. Government, including NASA, the Defense Advanced Research Projects Agency (DARPA), the Department of Homeland Security and the Intelligence Community.
Job Duties and Responsibilities:
Develop and maintain detailed and accurate System Security Plans (SSP), including security documentation for component and interface specifications, to support appropriate cybersecurity and privacy throughout the information systems’ life cycle
Assist the Information System Owner (ISO) and Information System Security Manager (ISSM) in ensuring that all components of the information system are appropriately updated and patched in accordance with Federal and NASA requirements
Support the Government with identifying and prioritizing essential system functions or sub-systems required to support essential capabilities or business functions for restoration or recovery after a system failure or during a system recovery event based on overall system requirements for continuity and availability
Provide technical guidance to address the adequacy and effectiveness of information security policies, procedures, and practices
Ensure that cybersecurity design and development activities are properly documented (providing a functional description of security implementation) and updated as necessary
Ensure Privacy Threshold Assessments (PTA) and Privacy Impact Assessments (PIA) are conducted as required
Review cyber intelligence threat reports, including but not limited to SOC MARs, SARs, and DHS/CISA Emergency Directives, in order to identify threats to the information system and develop mitigations
Provide subject matter expertise and recommendations as part of RMF process activities and development of related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials)
Evaluate cloud service providers’ security posture and develop associated recommendations for restrictions, conditions and control responsibility parsing
Write Plans of Action and Milestones (POA&Ms) and Risk Based Decisions (RBDs) for the System Security Plan (SSP) controls within the NASA Risk Information Security Compliance System (RISCS) tool.
Ensure contingency plans and system controls are reviewed and tested in accordance with the Agency requirements.
Analyze system logs to identify potential issues and perform routine audits of systems and applications.
Ensure critical vulnerabilities that require immediate attention are remediated, as identified in the Security Operations Center (SOC) Mitigation Action Recommendation (MAR).
Ensure the installation of security/vulnerability patch updates, operating system level patches and upgrades to include new versions.
Provide IT security support to communication systems as needed and serve as a technical resource to Information System Security Officer(s) (ISSO) and other IT professionals
Document Writing and Development: The contractor shall assist in the development and updating of the following: System Security Plan, Contingency Plan, Disaster Recovery Plans, Risk Assessment Report, annual review package, work instructions, policies, and procedural guides affecting the overall IT and security posture of the environment
Assessment and Authorization: Support the Assessment and Authorization (A&A) process by preparing associated documentation, building, and tracking Plan of Action and Milestones (POA&M), and monitoring A&A activities
Required Qualifications:
Must have an Active Top Secret US Government Clearance. Please note US Citizenship is required to obtain a Top Secret Clearance.
BS with 5 years of professional experience in cybersecurity design and development activities
Strong oral and written communication skills
Desired qualifications:
SCI clearance eligibility
Experience in NASA security or service as an ISSO at other agencies.
Experience in NASA Risk Information Security Compliance System and Assessment and Authorization.
Experience with Cloud Services and classified networks.
Certification level to meet DoD 8140 IAT or DoD 8570 IAT Level II certification or higher.
Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran’s status, ancestry, sexual orientation, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law.